Fortinet FortiGate vs Cisco ASA vs Palo Alto Networks Wildfire vs pfSense vs Sophos UTM: Firewall Reviews Face-off

What do users at IT Central Station discuss in their Firewall Reviews?

This week, a Review Face-off is held between:

What are each solution’s most valuable features? Where would users like to see improvement?

Continue reading to read expert advice from the IT Central Station user community.

fortinet fortigate reviews

Question: “What are Fortinet FortiGate’s Most Valuable Features?”
Answer:

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don’t need an external management system.”

— Simon Chaba

Answer:
  • IPS
  • Application control
  • IPsec & SSL VPN
  • Web filtering
  • E-mail security
  • Data leak prevention
  • Wireless security and wireless controller
  • Central antivirus (FortiClient)
  • HW & SW token controller (FortiToken) etc.”

Adriana Ymeri

“Where Do You See Room for Improvement in Fortinet FortiGate?”
Answer:

Talking about FortiGate, the main complaint I have heard is about the technical support. My personal experience is the same of many people that are not happy with this aspect of the service offered from Fortinet. Often your problem is diverted to local partners and I have to say that I had mixed results with them. While some partners are professional, many are not skilled enough and have costs that are not equivalent to their quality.”

— Fabrizio Volpe

Answer:

Fortinet policies are built between zones or interface to interface. This can result in duplicates being installed without warnings, resulting in policy auditing issues.

Another issue is that FortiGate does not support Netflow, only sFlow is supported.”

Simon Chaba

cisco asa reviews
Question: “What Are Cisco ASA’s Most Valuable Features?”
Answer:

“I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).”

— Eric Garcia

Answer:

Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forwards for an already great platform.”

— Alberto E. Luna Rodriguez

Question: “Where Do You See Room for Improvement in Cisco ASA?”
Answer:

“Only problem, in my opinion, is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part, you’ll need to stick to the CLI which is a bit difficult, especially if you don’t have a lot of experience around Cisco equipment.”

— Alberto E. Luna Rodriguez

“There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.”

— Eric Garcia

palo alto networks wildfire reviews
Question: “What Are Palo Alto Networks Wildfire’s Most Valuable Features?”
Answer:
  • App-ID
  • User-ID
  • Ease of deployment and usability
  • Filtering Mechanism like SP3 Engine

“From a technical perspective, this has given us a new high as this is how a technology solution should function.

From a sales perspective, we have been able to pitch the solution to new customers as it seems cheap to customers when we bundle the solution, compared to getting each device for individual functions.”

— Girish Vyas

Question: Where Do You See Room for Improvement in Palo Alto Networks Wildfire?
Answer:
  • IP SLA tracking
  • GRE tunnel support

“I believe these are the major improvements in the pipeline.”

“In addition,” adds Vyas, “It crashes too frequently for a few boxes, which could be expected from a new vendor as it evolves.”

— Girish Vyas

pfsense reviews
Question: “What are pfSense’s Most Valuable Features?”
Answer:
  • Fail-over of between multiple ISPs
  • Firewall
  • Graphs
  • Real-time interface monitoring
  • The web UI gives you an overview of everything you want to see
  • For an open-source solution, it has performed fantastically
  • OSPF
  • It contains loads of optional packages e.g Snort (IDS), Asterix (PBX), network monitors etc.
— Dania Seun
Question: “Where Do You See Room for Improvement in pfSense?”
Answer:

“Whenever a new version rolls out, there are hidden bugs. That’s why we normally run a version behind for a little while before rolling into the current build.”

— John Crabtree

sophos utm reviews
Question: “What are Sophos UTM’s Most Valuable Features?”
Answer:

“The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars.

They just introduced Sandstorm system for protection, is awesome as well.”

— Juan C. Sanchez Pignalosa

Answer:

“The Sophos UTM products helped us manage and a global network of more than 20 sites.

Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network.

We chose the product initially because the user interface was simple to understand and made sense without requiring a long training course for an experienced network engineer to utilize.”

— Karim Kronfli

Question: Where Do You See Room for Improvement in Sophos UTM?
Answer:

Sophos UTM has many improvements that I would suggest, but the main one is for

the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside a  specific timeframe, or vice versa.”

— Juan C. Sanchez Pignalosa

 

Interested in learning what other IT Central Station users have to say about Firewalls?

Read more Firewall reviews on IT Central Station.