What feedback do enterprise tech users give about Firewalls? In this week’s blog post, IT Central Station community members share their feedback and expertise on top Firewalls in the enterprise tech market: Fortinet FortiGate, Cisco ASA, and Palo Alto Networks Wildfire. What are these solutions’ most valuable features? Where do users see room for improvement? Continue reading for expert feedback from real users of these Firewalls.
Fortinet FortiGate
- Virtual Domains
Chaba specifies that you can create “multiple virtual domains (VDOMs) which are treated as separate firewall instances”, which eliminates the need to buy physical firewall hardware in a circumstance where “you’re hosting multiple customers requiring individual secure access to their firewall.”
- UTMs, Application and Web Filters
Roberto Garcia Hernandez shares that FortiGate’s UTM features have “solved many issues that other firewall providers have not developed as Fortinet has.” These features also enabled Hernandez to configure an application control sensor that was tailor-made for the permissions control that a customer needed in a highly specific use case.
ITmanager567 explains that the application and web filters allowed his organization’s network to block necessary social networks, VPN applications, and to use torrent applications.
Room for Improvement
- Troubleshooting and Support Tools
ProjMan8210 suggests an improvement that would “integrate graphical troubleshoot tools for policies based on devices or user identities.”
“Sometimes it’s super hard to figure out what’s wrong with a FortiGate VPN unless you know the commands on the CLI to see the flow and how to interpret it” says NetworkEng896.
To address this, NetworkEng896 suggests providing manuals or support resources that would provide “all steps, command line syntax, and GUI…how to take steps to debug the flow and see what’s failing…all the methods/syntax and the “how’s and why’s” for a scenario.”
- Antivirus Sensor
Hernandez also points out that the antivirus sensor causes slow web browsing for customers. While this isn’t a “serious issue”, he says, the number of user reports that his organization receives indicates that it’s a recurring issue for customers.
Cisco ASA
“Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage” writes David Varnum.
Varnum specifies that not only are upgrades “a breeze”, but failovers between units are “flawless.”
He adds that the FirePower add-on services, which can be run either as a hardware or as a software module within the ASA, are particularly useful, and that managing them is an easy, intuitive process.
When discussing the ASA, Fabrizio Volpe adds that it’s “stable and with a low level of work required on the maintenance side.”
Like Varnum, Alberto E. Luna Rodriguez describes the FirePower services as “a huge step forwards for an already great platform”, as they enabled better control and visibility over the traffic traversing his organization’s perimeter.
Room for Improvement
David Varnum explains that in order to manage multiple firewalls in your network from a central point, the only present option is to do so through Cisco Security Manager, a suite of applications which “is in much need of overhaul…riddled with bugs…a counter-intuitive interface…software defects.”
When discussing the ASA “family of hardware based firewalls” Volpe advises that it’s not an “all in one product”, because not all operations are available in its graphical interface, requiring users to “know the ASA command line very well.”
“In my opinion”, shares Rodriguez, the only problem is “ease of use.” Rodriguez explains that in order to get things working, “you really need to know your way around the CLI and complex feature set…which is a bit difficult especially if you don’t have a lot of experience around Cisco equipment.”
Palo Alto Networks Wildfire
- User Interface
Although the WebUI looks simple at a glance, says Jesus Guadalupe Torres Araujo, it’s “one of the best WebUIs that I have used” offering a lot of options to secure all the traffic passing through the device.
“From a technical perspective” says Girish Vyas, “this has given us a new high as this is how a technology solution should function.”
Vyas points to the solution’s “ease of deployment and usability”, filtering mechanisms, and the App-ID and User-ID features as most valuable.
Room for Improvement
- IPSec VPNs
“I’d like to see IPSec VPNs” writes Araujo, adding that “they need to improve the graphics to show the network behavior.”
For Vyas, the major improvements needed are IP SLA tracking and GRE tunnel support.