"Since the product is stable, we do not have to spend additional money to buy other firewalls. Once deployed, we can use the product for a long time. Thus, it is cost effective."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"The most valuable feature is the access control list (ACL)."
"IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The content filtering is good."
"Easy to scale solution that provides advanced threat protection. Their technical support is very good, very knowledgeable, and easy to reach."
"I like the solution's configuration, interfaces, and user guides."
"The most valuable features of this solution are the GUI pre-filtering and the ATP (advanced threat protection)."
"The most valuable features are flexibility, ease of setup, and it's a good product cost-wise."
"It has excellent stability."
"The functionality is the same whether it is on hardware or a virtual appliance. The interface is the same. It's nice that it's standardized."
"The most valuable feature is the Global Management System."
"SonicWall has all the usual functions, like LAN configurations, security features, word filters, etc., but it also has the CFS agent, which isn't available in any other firewall. Reporting port support is also there."
"The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
"I like that this product has very few issues."
"It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problem supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."
"Their support is excellent, and the stability is very good."
"All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited."
"There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners."
"The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
"The features that I have found most valuable are the FireWall features. The management side of WatchGuard is quite easy because it supports two ways to manage it - by the web and the other one they call WatchGuard systems manager. I used to be familiar with WSM only, but they improved their GUI in the web browser and now it is much easier to do it within the web browser."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"The initial setup could be simplified, as it can be complex for new users."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"We still get phishing emails that manage to come through from time to time."
"The scalability is something that should be improved."
"There are a few areas that need improvement including the VPN, user management, and reporting."
"The ongoing service fees are high."
"The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly."
"We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease."
"We're not particularly fond of the way it generally performs. We are finding ourselves rebooting often. There are freeze-ups and that kind of thing. The stability needs to improve exponentially."
"It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
"I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in."
"The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings."
"An area for improvement is that when we use a web administration link, there is no security."
"There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well."
"There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
SonicWall NSa is ranked 15th in Firewalls with 43 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 21 reviews. SonicWall NSa is rated 7.8, while WatchGuard Firebox is rated 8.4. The top reviewer of SonicWall NSa writes "Easy to scale advanced threat protection solution with knowledgeable technical support, but has occasional bugs". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". SonicWall NSa is most compared with Fortinet FortiGate, Meraki MX, SonicWall TZ, Sophos XG and Palo Alto Networks NG Firewalls, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, pfSense, Meraki MX and Untangle NG Firewall. See our SonicWall NSa vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.