Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Firewalls
September 2022
Get our free report covering Juniper, Microsoft, Fortinet, and other competitors of Juniper vSRX. Updated: September 2022.
632,611 professionals have used our research since 2012.

Read reviews of Juniper vSRX alternatives and competitors

EricHart - PeerSpot reviewer
CEO at NPI Technology Management
MSP
Top 20
Great support and extremely stable with an excellent command-line interface
Pros and Cons
  • "Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
  • "I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. Too much, if you don't know what you are looking for or trying to do."

What is our primary use case?

We primarily use it for our clients. We have one or more at each client site - or multiple locations if they have multiple locations.

Typically our clients are up to about 500 users. Most of them are smaller than that, but they go as large as 500. They're using the solution for the full next-gen firewall stacks - intrusion protection, URL filtering, advanced malware protection, or so-called AMP. Those are the three subscription services that Cisco sells. All of our clients have those subscription services enabled at their main location. Typically, they're just protecting users that are behind the firewall. We also use it for site-to-site VPN, and we use it for client-to-site VPN.

How has it helped my organization?

In terms of our clients, security is one of those things that, ideally, nobody notices. It improves the functioning in the sense that you don't get hacked. However, from a noticeable, management point of view, the URL filtering is a pretty significant enhancement. People are able to block access to various websites by category. It isn't revolutionary. Lots of products do this. However, it's a nice sort of add-on to a firewall product.

At the end of the day, the solution offers good productivity enhancement to a company.

What is most valuable?

Cisco's support is great. 

For experienced users, they are pretty much able do anything they want in the interface with few restrictions.

The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made." 

We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.

Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.

What needs improvement?

I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. It's too much if you don't know what you are looking for or trying to do.  

The GUI still uses Java, which feels out of date today. That said, it's an excellent GUI.

The biggest downside is that Cisco has multiple firewall lines. The ASA line which is what we sell, and we sell most of the latest versions of it, are kind of two families. One is a little older, one's a little newer. We mostly sell the newer family. Cisco is kind of de-emphasizing this particular line of products in their firewall stable. That's unfortunate. 

They have the ASA line, Meraki, which is a company they bought some years ago where all the management is sort of cloud interface that they provide rather than a kind of interface that you manage right on the box. They also bought Snort and they integrated the Snort intrusion detection into the ASA boxes. In the last couple of years, they've come out with a sort-of replacement to Snort, a line of firewalls that don't use IOS.

It's always been that the intrusion prevention and the based firewalling features had separate interfaces within IOS. They've eliminated IOS in this new product line and built it from the ground up. We haven't started using that product yet. They have higher performance numbers on that line, and that's clearly the future for them, but it hasn't reached feature parity yet with the ASA. 

The main downside is that it feels a little bit like a dead end at this point. One needs to decide to move to one of these other Cisco lines or a non-Cisco line, at some point. We haven't done the research or made the plunge yet.

What I would like to see is a more inexpensive logging solution. They should offer either the ability to maintain longer-term logs right on the firewall or an inexpensive server-based logging solution. Cisco has logging solutions, however, they're very high end.

For how long have I used the solution?

We've been using the solution for 20 or more years. It's been well over two decades at this point.

What do I think about the stability of the solution?

The solution is solid. It's a big advantage of choosing Cisco. There are no worries about stability at all.

What do I think about the scalability of the solution?

The scalability of the solution is good. Within our customer base, it is absolutely scalable. You can go very large with it. However, if you really want the highest speeds, you have to move off of the IOS ASA line and onto the newer stuff.

Typically our clients cap out at 500 employees.

How are customer service and technical support?

Technical support is excellent. They are extremely knowledgeable and responsive. It'd rate the ten out of ten. We're quite satisfied with the level of support Cisco provides.

Which solution did I use previously and why did I switch?

We did use Juniper's NetScreen product on and off for a while. We stopped using it about ten years ago now.

We had previous experience with the Cisco gear, so we were comfortable with it, and Juniper bought the NetScreen product and sunsetted it. You had to move into a different firewall product that was based on their equivalent of IOS, something called Juno OS, and we didn't like those products. Therefore, when they sunsetted the Juniper products, we looked around and settled on Cisco.

How was the initial setup?

Due to the fact that we're experienced with it and we've scripted the command line, it's extremely simple for us. That said, I think it's complex for somebody that doesn't know the IOS platform.

What other advice do I have?

We're Cisco resellers.

We're always on the latest version. I don't actually keep track of the version numbers myself, however, part of what the service that we provide for our clients is updating their firewalls to the latest version.

We use multiple deployment models. We use both on-premises and cloud versions. They are also all different sizes, according to the requirements of the company.

I'd advise other companies considering Cisco to be sure to factor in the cost of the ongoing security subscriptions and the ongoing SmartNet into the purchase price. Those things, over the years, represent more than the cost of the firewall itself - significantly more. However, I'd advise others to get the security subscriptions due to the fact that it really dramatically increases the security of the solution overall.

On a scale from one to ten, I'd rate them at an eight. We love the product, however, we feel like it's not Cisco's future direction, which is the only reason I would downgrade its score. To bring it up to a 10, they'd have to make it their main product line again, which they aren't going to do.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of IT at Tavoca Inc
Real User
Top 20
Good performance, powerful CLI, and offers zero-day signature updates
Pros and Cons
  • "The most valuable feature is the CLI."
  • "The web interface is very slow, and it needs to be faster."

What is our primary use case?

We use this product to secure our entire network.

At this point, it is used only for VPN purposes, allowing access to our servers behind the firewall.

How has it helped my organization?

Using this product has increased our security and has given us much better results in terms of security scans.

Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability a six out of ten. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.

This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama. We don't use the monitoring capabilities, either.

What is most valuable?

The most valuable feature is the CLI.

We have the firewall configured for zero-day signatures, which is very important to us. We have to be HIPAA security compliant, which means that we need those signatures immediately.

There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.

What needs improvement?

The web interface is very slow, and it needs to be faster.

For how long have I used the solution?

I have been working with the Palo Alto Networks VM-Series for three years.

What do I think about the stability of the solution?

This product is very stable. We have had zero problems with stability.

What do I think about the scalability of the solution?

The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We've got a long way where we can continue to scale up.

We currently have three or four people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, next year, we're going to start flowing all of our internet traffic through it.

We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.

How are customer service and support?

The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.

We have not really had any big complaints with the technical support and I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.

We made the switch because Juniper became unbearable as far as complexity and performance go. It was getting really bad; we couldn't manage it well, and the performance was quite poor. 

How was the initial setup?

The initial setup is quite complex. There is a steep learning curve and we failed at it a couple of times.

Our final deployment took between three and four hours.

What about the implementation team?

Our in-house team was responsible for the deployment.

What was our ROI?

We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's really solid. The default configurations are very secure.

Our return on investment comes from the fact that we're not having to spend hours monitoring stuff the way we did before. We've saved man hours and we've saved stress. I can't put a monetary value to that, but that would be the return.

What's my experience with pricing, setup cost, and licensing?

This is not the cheapest firewall but it's not the most expensive of the options on the market.

There's a new licensing structure coming in that we're really trying to understand, so I would suggest studying up on it. I recommend getting a partner involved for purchasing the product.

Which other solutions did I evaluate?

Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.

We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.

What other advice do I have?

We have not yet implemented the DNS security features. However, we will likely be doing so next year.

If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.

In summary, this is a good product but I do suggest that people shop around a little bit.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Sales Engineer - Sênior at a tech services company with 201-500 employees
Real User
Top 20
Good web filtering, nice GUI, and an easy initial setup
Pros and Cons
  • "The initial setup is straightforward."
  • "Technical support could be better. You don't always get the level of help you need right away."

What is our primary use case?

We primarily use the solution just for internal segmentation and connection of some ranges using IPSec.

How has it helped my organization?

Currently, the solution is saving costs for us and blocks applications effectively using layer seven.

What is most valuable?

The solution's most valuable aspect is the IPS for potential mitigation from the cloud inside our network. 

The VPN SSL is important for us. 

The web filter is very good. 

The GUI is okay.

The initial setup is straightforward.

The documentation provided is okay, I find that sometimes, with other startups, it's hard to find a good amount of documentation in order to assist you with the product. In this case, the solution offers a good amount of detail.

The solution offers good analyzing capabilities.

What needs improvement?

I'm not sure if the solution is really lacking anything major. For us, it works okay.

They seem to have made a lot of improvements since the last release.

Technical support could be better. You don't always get the level of help you need right away.

For how long have I used the solution?

We've been using the solution for about ten years at this point. As it's been about a decade, I'd say we have quite a bit of experience with it.

What do I think about the stability of the solution?

For the most part, the memory and the CPU are good. It's generally stable. We don't face any issues with this aspect of the solution.

What do I think about the scalability of the solution?

The scalability is fine. If a company needs to expand it, they should be able to do so without any issues.

We only have about 40 users on the product currently. It's not a big company.

For now, the product is good as it is and we don't have plans to increase usage in the future.

How are customer service and technical support?

By and large, technical support is good. It's okay. It's not bad. It could be better, however, they do answer our questions when we have them. We're mostly satisfied with the level of service they provide. Of course, it could always be a bit better.

Sometimes the first contact is useful, and sometimes you don't get the kind of help you need right away. It would be nice if it was more consistent.

Which solution did I use previously and why did I switch?

We also use Sophos. We use both solutions at the same time.

How was the initial setup?

We didn't face any complexity when handling the initial implementation. The process is quite straightforward.

The implementation itself can sometimes take less than a week. On average, you should expect it to be about a week in total.

What about the implementation team?

I didn't need the assistance of a reseller or integrator. I handled the implementation myself.

What's my experience with pricing, setup cost, and licensing?

We're charged a licensing fee on a yearly basis. I'm unsure of the exact cost to the company, however. I'm not sure if there are other costs over and above the standard licensing fee.

Which other solutions did I evaluate?

We also looked at Juniper when we evaluated FortiGate. FortiGate is much easier to use in comparison which is why we chose it. The documentation was also better. That, and there was no integration for SSL in Juniper.

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

Overall, I would recommend the product. It comes with a very good set of features.

I would rate the solution ten out of ten. We've been quite happy with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
User at a financial services firm with 10,001+ employees
User
Top 20
Stable with good virtualization and excellent perimeter security solutions
Pros and Cons
  • "The sales, pre-sales, professional services, and tech support are all very nice."
  • "I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors."

What is our primary use case?

I have been designing, deploying, implementing, and operating Check Point's Security solutions including NGFWs and EndPoint security as well as Remote Access VPNs, Intrusion Prevention systems, URL filtering, user identity, UTMs, et cetera, for around 12 years. 

I have also used VSX and MDS/MDLS solutions. In my organisation I am using over 150 virtual and physical appliances and also MDS for virtualized/contanerized central configuration management and also central log management MDLS/MLM. We are using this not just for NGFW but also for other Perimeter security solutions.

How has it helped my organization?

This solution has helped keep the security posture of my organization in the best possible shape. Check Point's solutions stay a cut above its competitors to make sure your IT infra Cyber is safe from both known as well as zero-day attacks and malware. 

From an operations point of view, Check Point solutions are the best in terms of providing central configuration management and also central log correlation and management. Additionally, Check Point's virtualization solutions around VSX are super-efficient and very stable.

What is most valuable?

I found Check Point's software ability to provide for all the perimeter security solutions including next-generation firewalls, intrusion prevention systems, identity and access management, and URL filtering. They are all excellent. Check Point's Central configuration management, central log correlation, and management solution are a cut above the other vendors and are the best in the industry. Check Point's virtualization solutions are also very efficient and can be scaled. They are highly stable solutions (MDS/Domain Managers & MDLS).

What needs improvement?

To be very very honest, I do not see any major gap or improvement area for any of Check Point Cybersecurity solutions, whether it's your enterprise be cloud-based only, on-prem (Private cloud or Legacy infrastructure), or hybrid infrastructure. Check Point's solutions are highly cost-efficient, have low OPEX costs, are very stable, are safe and secure, and helps maintain the enterprise's security posture. 

Check Point's security solutions are a cut above the other vendors, not just today but for the last 30 years. Without having to mention any gaps, Check Point's development team works hard to stay ahead of technology in the cybersecurity space.

I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors. Although Check Point has an alternative of creating a dummy interface to introduce "directly connected" routes for NAT ranges so that they could then be advertised up/downstream, having the ability to do so using "static discards" would be a great thing to have.

For how long have I used the solution?

I've worked with the solution for a little over 12 years.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The solution is highly scalable.

How are customer service and technical support?

The sales, pre-sales, professional services, and tech support are all very nice.

Which solution did I use previously and why did I switch?

Yes, and we switched because Check Point proved to be more reliable.

How was the initial setup?

The initial setup is absolutely straightforward.

What about the implementation team?

We implemented it through an in-house team.

What was our ROI?

Every dollar spent is worth it.

Which other solutions did I evaluate?

Yes, we looked at Cisco, Juniper, and Palo Alto.

What other advice do I have?

Not at the moment.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Westpac Banking Corporation Sydney Australia
Server Administrator and Operation Manager at a computer software company with 501-1,000 employees
Real User
Top 20
Good security with very good web content control and capable of scaling
Pros and Cons
  • "The stability of the product has been good over the years."
  • "The cost of the device is very high."

What is our primary use case?

We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.

What is most valuable?

The solution is very helpful in controlling spam.

The product offers very good web content control and various aspects of security.

The stability of the product has been good over the years.

The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.

What needs improvement?

I can't recall a feature that was missing. It's a pretty complete solution.

The cost of the device is very high.

To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.

For how long have I used the solution?

I've been using the solution for four years at this point. It's been a while. We've been using it over the last 12 months as well.

What do I think about the stability of the solution?

The stability is excellent. It's reliable. We don't deal with bugs or glitches. It doesn't crash or freeze. Overall, it's been very good in terms of performance.

What do I think about the scalability of the solution?

We have not proven the scalability yet. We're planning to extend our office within the next year or six months to eight months. We are buying some appliances for the process of extending our office.

Currently, around 1,000 people use this solution.

How are customer service and technical support?

We've never been in touch with technical support. Having never dealt with them, I wouldn't be able to speak to how they are in terms of services.

Which solution did I use previously and why did I switch?

We also use Barracuda and Cisco for certain aspects of security.

How was the initial setup?

The initial setup is pretty straightforward. It's quite easy to implement.

The deployment takes about one week, or maybe a bit less, depending on the requirements. That includes both implementing and training.

Currently, two people are required for deployment and maintenance of the product

What about the implementation team?

We implement the solution with our network team. We implement the solution ourselves. We don't need the help of integrators or consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing is quite high on Palo Alto.

On the lower end, it's likely to cost $15,000 for renovation and support.

Which other solutions did I evaluate?

We evaluated Cisco, Juniper, and Dell among other solutions before ultimately choosing this solution. Cisco can be complex in terms of device management compared to other options, for example. Cisco can be cheaper than Palo Alto, but that is not always the case.

What other advice do I have?

I'm not sure which version of the solution we're using. We use a physical appliance.

We're using three different models, for the most part.

My company is an outsourcing company that deploys software and testing.

The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Firewalls
September 2022
Get our free report covering Juniper, Microsoft, Fortinet, and other competitors of Juniper vSRX. Updated: September 2022.
632,611 professionals have used our research since 2012.