"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The customer service/technical support is very good with this solution."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"Since the product is stable, we do not have to spend additional money to buy other firewalls. Once deployed, we can use the product for a long time. Thus, it is cost effective."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. "
"Palo Alto Networks VM-Series is very easy to use."
"With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"It has excellent scalability."
"Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view."
"The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
"It protects against intrusion while allowing needed access."
"It lets me monitor in live time if someone is 'hogging' bandwidth."
"The feature with SonicWall that I have found most valuable is that all the models have the same interface. We don't need to learn different interfaces in the smaller or bigger models."
"It does what it says it is going to do."
"The most valuable feature is content filtering and app control."
"Good site categorization and application controls."
"It's a stable solution."
"We are able to block whatever we want to block by using this product. It provides all required security features, such as content filtering, VPN, in one box. Before switching to SonicWall, we had specified all required features."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"It would be great if some of the load times were faster."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."
"It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait."
"Palo Alto is that it is really bad when it comes to technical support."
"Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup."
"The user interface could use some improvement."
"We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple."
"It'll help if Palo Alto Networks provided better documentation."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"FortiGate has a client DNS in the firewall, but SonicWall doesn't have that. To create or configure a site-to-site VPN tunnel, we have to give a DNS name. Currently, we have to get the DNS name from a third party and then include it in SonicWall, whereas FortiGate has its own client DNS, so it provides a DNS name, and it does not require a third party. There should be a graphical option to view the network utilization and bandwidth usage."
"GUI interface could be improved."
"The reporting analytics could be improved, it is very unstable."
"Sometimes there is a glitch between the network connection. Last time, something happened on our IP phone, the SonicWall team did some updates to fix the issue. However, glitches happen very rarely. I did not experience any other types of problems."
"I would like to see a SonicWall integration with the DLP tool, this would be interesting. Data Loss Prevention integration."
"The log sections could be done more clearly."
"Its reporting can be improved. Currently, we cannot directly get the user names. It only shows the IP, which makes it a bit confusing because we need to use the IP to find the user. If we could directly get the name of the user, it would be better."
"I would like to see lower antivirus pricing."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Palo Alto Networks VM-Series is ranked 10th in Firewalls with 13 reviews while SonicWall TZ is ranked 14th in Firewalls with 37 reviews. Palo Alto Networks VM-Series is rated 8.6, while SonicWall TZ is rated 8.2. The top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". On the other hand, the top reviewer of SonicWall TZ writes "Multifeatured firewall solution with a user-friendly interface, high availability, scalability, and stability". Palo Alto Networks VM-Series is most compared with Azure Firewall, Cisco ASA Firewall, Fortinet FortiGate, Juniper SRX and Check Point CloudGuard Network Security, whereas SonicWall TZ is most compared with Fortinet FortiGate, Sophos XG, Cisco ASA Firewall and pfSense. See our Palo Alto Networks VM-Series vs. SonicWall TZ report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.