"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"There are no issues that we are aware of. It does its job silently in the background."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Because we bought two firewalls... we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations."
"The most valuable features are the VPN and web blocker security."
"It provides us with Layer 2 and Layer 3 security."
"Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"The most valuable feature is the NAT-ing, the IP addresses... We can direct the traffic where it needs to go. We can control the traffic."
"The main reason we went with it was the security protocols. They were more robust on this device."
"As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low."
"The solution can scale well."
"This is a capable appliance and the standard features work well for us."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"There are a couple of things I wished that it would do, but I can't think of those off the top of my head."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"The solution is lacking a professional website, they should be updated more often."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
"This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests."
"Some of the configuration options are somewhat confusing."
"Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"Although manageable, the user interface is a little bit slow and could be improved."
"Sometimes it reboots when you least expect it, and that's the main issue."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
ZyWALL USG Series delivers high-access quality to help businesses satisfy the demand for always-online communications. For internal deployments, the ZyWALL USG Series provides active-passive High-Availability (HA) service to support device or connection failover.
With Device HA Pro service, the ZyWALL USG Series also supports instant failover, so connections are always maintained when a failover event occurs. For external deployments, the ZyWALL USG Series features multi- WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. The ZyWALL USG Series also supports IPSec load balancing and failover, providing additional resilience for mission-critical VPN failover with VTI Interface deployments.
ZyWALL USG110/210/310 thoroughly protects networks with industry-leading firewall, Anti-Malware/ Virus, Anti-Spam, Content Filtering, IDP, and Application Patrol functionality. Regulate unauthorized use of Web applications over your network, such as Facebook, Google apps, and Netflix, among others. Zyxel security measures are enhanced with SSL Inspection, blocking threats hidden in SSL-encrypted connections while facilitating deeper policy enforcement. Furthermore, newly improved Content Filtering 2.0 enhances HTTPS Domain Filter, Browser SafeSearch, and Geo IP Blocking for an array of security enhancements to ensure clean Web connections.
WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 27 reviews while Zyxel Unified Security Gateway is ranked 9th in Unified Threat Management (UTM) with 2 reviews. WatchGuard Firebox is rated 8.6, while Zyxel Unified Security Gateway is rated 6.0. The top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". On the other hand, the top reviewer of Zyxel Unified Security Gateway writes "Low cost but unresponsive technical support and very unstable performance". WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, pfSense, SonicWall NSa and Azure Firewall, whereas Zyxel Unified Security Gateway is most compared with Fortinet FortiGate, pfSense, Fortinet FortiOS, Sophos UTM and SonicWall NSa. See our WatchGuard Firebox vs. Zyxel Unified Security Gateway report.
We monitor all Unified Threat Management (UTM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.