Fortinet FortiGate vs Cisco ASA vs Palo Alto Networks Wildfire vs pfSense vs Sophos UTM: Firewall Reviews Face-off

What do users at IT Central Station discuss in their Firewall Reviews?

This week, a Review Face-off is held between Fortinet FortiGate, Cisco ASA, Palo Alto Networks Wildfire, pfSense and Sophos UTM.

What are each solution’s most valuable features? Where would users like to see improvement?

Continue reading to read expert advice from the IT Central Station user community.

Question: “What are Fortinet FortiGate’s Most Valuable Features?”
Answer:

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don’t need an external management system.”

— Simon Chaba

Answer:
  • IPS
  • Application control
  • IPsec & SSL VPN
  • Web filtering
  • E-mail security
  • Data leak prevention
  • Wireless security and wireless controller
  • Central antivirus (FortiClient)
  • HW & SW token controller (FortiToken) etc.

— Adriana Ymeri

Question: “Where Do You See Room for Improvement in Fortinet FortiGate?”
Answer:

“Talking about FortiGate, the main complaint I have heard is about the technical support. My personal experience is the same of many people that are not happy with this aspect of the service offered from Fortinet. Often your problem is diverted to local partners and I have to say that I had mixed results with them. While some partners are professional, many are not skilled enough and have costs that are not equivalent to their quality.”

— Fabrizio Volpe

Answer:

“Fortinet policies are built between zones or interface to interface. This can result in duplicates being installed without warnings, resulting in policy auditing issues.

Another issue is that FortiGate does not support NetFlow, only sFlow is supported.”

— Simon Chaba

Question: “What Are Cisco ASA’s Most Valuable Features?”
Answer:

“I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).”

— Eric Garcia

Answer:

“Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forwards for an already great platform.”

— Alberto E. Luna Rodriguez

Question: “Where Do You See Room for Improvement in Cisco ASA?”
Answer:

“Only problem, in my opinion, is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part, you’ll need to stick to the CLI which is a bit difficult, especially if you don’t have a lot of experience around Cisco equipment.”

— Alberto E. Luna Rodriguez

“There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.”

— Eric Garcia

Question: “What Are Palo Alto Networks Wildfire’s Most Valuable Features?”
Answer:
  • App-ID
  • User-ID
  • Ease of deployment and usability
  • Filtering Mechanism like SP3 Engine

“From a technical perspective, this has given us a new high as this is how a technology solution should function.

From a sales perspective, we have been able to pitch the solution to new customers as it seems cheap to customers when we bundle the solution, compared to getting each device for individual functions.”

— Girish Vyas

Question: “Where Do You See Room for Improvement in Palo Alto Networks Wildfire?”
Answer:
  • IP SLA tracking
  • GRE tunnel support

“I believe these are the major improvements in the pipeline.”

“In addition,” adds Vyas, “It crashes too frequently for a few boxes, which could be expected from a new vendor as it evolves.”

— Girish Vyas

Question: “What are pfSense’s Most Valuable Features?”
Answer:
  • Fail-over between multiple ISPs
  • Firewall
  • Graphs
  • Real-time interface monitoring
  • The web UI gives you an overview of everything you want to see
  • For an open-source solution, it has performed fantastically
  • OSPF
  • It contains loads of optional packages, e.g. Snort (IDS), Asterisk (PBX), network monitors etc.

— Dania Seun

Question: “Where Do You See Room for Improvement in pfSense?”
Answer:

“Whenever a new version rolls out, there are hidden bugs. That’s why we normally run a version behind for a little while before rolling into the current build.”

— John Crabtree

Question: “What are Sophos UTM’s Most Valuable Features?”
Answer:

“The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars.

They just introduced the Sandstorm system for protection, which is awesome as well.”

— Juan C. Sanchez Pignalosa

Answer:

“The Sophos UTM products helped us manage a global network of more than 20 sites.

Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network.

We chose the product initially because the user interface was simple to understand and made sense without requiring a long training course for an experienced network engineer to utilize.”

— Karim Kronfli

Question: “Where Do You See Room for Improvement in Sophos UTM?”
Answer:

“Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside a specific timeframe, or vice versa.”

— Juan C. Sanchez Pignalosa

Top 8 Firewalls Reviewed by Users – Q1 2017

IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.

Our users have ranked their solutions according to their valuable features, and have also discussed where they see room for improvement. You can read user reviews for the top 8 firewalls here, to help you decide which solution is best for you.

Users compare and give feedback on the firewalls that they’ve used — based on product reviews, ratings, and comparisons.

#1 Fortinet FortiGate

Fortinet FortiGate is ranked by our users as the number one solution as of the end of Q1 2017, but what do users really think of the solution?

Simon Chaba writes that, “You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don’t need an external management system.”

Fabrizio Volpe shares that “the main complaint I have heard is about the technical support. My personal experience is the same of many people that are not happy with this aspect of the service offered by Fortinet.

Often, your problem is diverted to local partners and I have to say that I had mixed results with them. While some partners are professional, many are not skilled enough and have costs that are not equivalent to their quality.”

#2 Cisco ASA

IT Central Station users rank Cisco ASA as the number two solution as of the end of Q1 2017.

Eric Garcia describes that he “especially values Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).”

Alberto E. Luna Rodriguez explains that the “Only problem, in my opinion, is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part, you’ll need to stick to the CLI which is a bit difficult especially if you don’t have a lot of experience around Cisco equipment.”

#3 pfSense

pfSense is ranked by our users as the number three solution as of the end of Q1 2017.

Dania Seun lists several valuable features:

  • Fail-over between multiple ISPs
  • Firewall
  • Graphs
  • Real-time interface monitoring
  • The web UI gives you an overview of everything you want to see
  • For an open-source solution, it has performed fantastically
  • OSPF
  • It contains loads of optional packages, e.g. Snort (IDS), Asterisk (PBX), network monitors etc.

Seun also writes that “The load balancing can be improved as it uses tier levels to balance. For it to function most effectively, you often need to have the same bandwidth on the ISPs.”

#4 Sophos UTM

IT Central Station users rank Sophos UTM as the number four solution as of the end of Q1 2017.

Juan C. Sanchez Pignalosa explains that “the web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. They just introduced the Sandstorm system for protection, which is awesome as well.”

Pignalosa adds that “Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside a specific timeframe, or vice versa.”

#5 Palo Alto Networks Wildfire

Palo Alto Networks Wildfire is ranked by our users as the number five solution as of the end of Q1 2017.

Jesus Guadalupe Torres Araujo describes that “It has one of the best WebUIs that I have used, because at a glance it looks simple, but offers us a lot of options to secure all the traffic that is passing through the device (or all traffic that the user decides to pass through).”

At the same time, he’d “like to see a wizard to create IPSec VPNs. They need to improve the graphics to show the network behavior.”

#6 Sophos Cyberoam UTM

IT Central Station users rank Sophos Cyberoam UTM as the number six solution as of the end of Q1 2017.

Anthony Fernandes writes that the “Most valuable feature I am using I would say is the bandwidth management for users. I have users who misuse the net and I have given them caps so it is properly utilized.

Another feature I use is the VPN. I have an entity that requires 24x7x365 connectivity and the Cyberoam is very simple when it comes to monitoring that or refreshing that connection.”

Fernandes then shares that “Not many things would need to be added but I strongly feel it could be made more robust. For example, the cooling system in the device could do with a good revamp. There are times when the device gets too hot and begins to misbehave.”

#7 WatchGuard XTM

WatchGuard XTM is ranked by our users as the number seven solution as of the end of Q1 2017.

Somono Chek finds that “The proxy-based policy in Policy Manager is the best feature.

It helps me:

  • Create many different firewall policies for different networks and services
  • In tracking problems in the policy rule in the traffic monitor of Firebox System Manager.”

For areas that need improvement, Chek writes:

  • It is difficult to configure WatchGuard with your internet settings.
  • I would like to see more granularity on each IP bandwidth that is used
  • It cannot block Internet Download Manager nor the Torrent application “BitComet”.

#8 Dell SonicWALL TZ

IT Central Station users rank Dell SonicWALL TZ as the number eight solution as of the end of Q1 2017.

Aaron Krytus lists several valuable features:

  • Easy to use GUI
  • VPN (Site-to-Site and Client-to-Site)
  • Gateway Security
  • Built in A/V options
  • Content Filtering

Krytus then adds that he “would love to see more detailed logs and filtering. Wireless versions have weak signal strength in comparison to other wireless routers.”

New: What are Enterprise Tech Users Asking About Firewalls in 2017?

At IT Central Station, 7,161 users follow the category of firewall reviews and questions published by enterprise tech professionals. As of March 2017, our firewall user reviews have been viewed over 381,820 times.

Terry Stokes, an Information Technology Manager at a Healthcare company, asked the following question in our firewalls user community:

Asked in March 2017:

“What do you recommend for a corporate firewall implementation? I have six geographically dispersed locations.”

Question Background: “I have a web-based firewall solution from our telecom vendor which is not user-friendly nor does it show you the traffic on the firewall.

I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation?”

Read top answers to Terry’s question, as published by our users:

Sean Akers, DevOps Engineer:

“The original question did mention ease of use, showing throughput, and the need to connect several regions, which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.

If you know what you’re doing then I’d go with pfSense. Powerful and affordable (free even if you can do without the support).

We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data center rack.

Having spent a long time with Cisco ASAs I’d certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they’re rather good if you know what you’re doing.”

Rrahul Hansuka:

“Fortigate Firewalls are best suited for these purposes. You may select the appropriate model either by comparing specs on their website or talking to one of their consultants. Only, shortfall with Fortigate is, one needs to be trained to configure and manage these devices. So, you either learn it yourself or signup a support partner. Online support is not very great for setting the device up. But, pretty quick and efficient in helping resolve specific issues faced.”

Musavir Sheikh, Senior Network Engineer:

“I think you can use, Fortigate Firewall, Barracuda WebFilter Firewall. They are user-friendly and you can generate an efficient report etc. We are also using Fortigate 310B for web filtering.”

Nigel Williamson:

“If you are not a regular firewall service manager and this is a first-run into the corporate firewall systems, I might suggest Check Point solutions as a first name in easy to learn and quick to get up and running appliances. Check Point takes a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.”

Fred Fish, Network Administrator:

“I’ve been running Cyberoam (now Sophos Cyberoam UTM) for over 10 years for my firewalls. I’ve really enjoyed the Cyberoam Support over the years those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility in one the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.”

Michael Wing, Network Engineer:

“There are a few questions I would ask myself first before choosing a firewall vendor they would be as follows:

  1. What is the budget for the hardware?
  2. What kind of connectivity is present at each site (e.g. DSL, IPVPN, Leased Line, 3G/4G etc.)?
  3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc.)?
  4. What throughput is needed per site?
  5. Do you require more advanced UTM functionality to secure/protect internal infrastructure?

If you can pinpoint these you’re on a good course to selecting a vendor.

To name but a few, my personal preference would be:

Cisco Meraki (if you want to have a cloud managed SD-WAN solution)

  • Expensive based on throughput
  • Very nice interface, lots and lots of detail about traffic on your network requires licensing (OpEx costs as cloud based).
  • SD-WAN ready out of the box (really read into this as the benefits aren’t as peachy as they may first seem), it’s Cisco so a very steep learning curve.
  • Very feature rich.

FortiNet (if you need UTM/Application firewall)

  • Cost effective.
  • One of the top vendors in the Gartner Magic Quadrant.
  • A very nice interface learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Check Point but in the same league all throughout the product range).
  • FortiNet has a full security fabric, so in the future, if you’re looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load Balancers, Traffic Analysers, access switches, Cloud-based network logging etc. They have solutions for this that seamlessly integrate.

WatchGuard

  • Basic Firewall VPN and access rule functionality.
  • Cost effective: does what it says on the tin VPN standard firewall policies.
  • Not used personally but have customers who do, look extremely simple to setup and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what’s on the tin in a basic way.”
