"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"There are no issues that we are aware of. It does its job silently in the background."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Because we bought two firewalls... we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations."
"The most valuable features are the VPN and web blocker security."
"It provides us with Layer 2 and Layer 3 security."
"Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"The most valuable feature is the NAT-ing, the IP addresses... We can direct the traffic where it needs to go. We can control the traffic."
"The main reason we went with it was the security protocols. They were more robust on this device."
"As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low."
"The solution can scale well."
"This is a capable appliance and the standard features work well for us."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"There are a couple of things I wished that it would do, but I can't think of those off the top of my head."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"The solution is lacking a professional website, they should be updated more often."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
"This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests."
"Some of the configuration options are somewhat confusing."
"Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"Although manageable, the user interface is a little bit slow and could be improved."
"Sometimes it reboots when you least expect it, and that's the main issue."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Zyxel Unified Security Gateway Pricing and Cost Advice →
WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 27 reviews while Zyxel Unified Security Gateway is ranked 9th in Unified Threat Management (UTM) with 2 reviews. WatchGuard Firebox is rated 8.6, while Zyxel Unified Security Gateway is rated 6.0. The top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". On the other hand, the top reviewer of Zyxel Unified Security Gateway writes "Low cost but unresponsive technical support and very unstable performance". WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, pfSense, SonicWall NSa and Azure Firewall, whereas Zyxel Unified Security Gateway is most compared with Fortinet FortiGate, pfSense, Fortinet FortiOS, Sophos UTM and SonicWall NSa. See our WatchGuard Firebox vs. Zyxel Unified Security Gateway report.
See our list of best Unified Threat Management (UTM) vendors and best Firewalls vendors.
We monitor all Unified Threat Management (UTM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
