Fortinet FortiGate vs Cisco ASA vs Palo Alto Networks Wildfire vs pfSense vs Sophos UTM: Firewall Reviews Face-off

What do users at IT Central Station discuss in their Firewall Reviews?

This week, a Review Face-off is held between:

What are each solution’s most valuable features? Where would users like to see improvement?

Continue reading for expert advice from the IT Central Station user community.

fortinet fortigate reviews

Question: “What are Fortinet FortiGate’s Most Valuable Features?”

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don’t need an external management system.”

— Simon Chaba

  • IPS
  • Application control
  • IPsec & SSL VPN
  • Web filtering
  • E-mail security
  • Data leak prevention
  • Wireless security and wireless controller
  • Central antivirus (FortiClient)
  • HW & SW token controller (FortiToken) etc.”

— Adriana Ymeri

Question: “Where Do You See Room for Improvement in Fortinet FortiGate?”

“Talking about FortiGate, the main complaint I have heard is about the technical support. My personal experience is the same as that of many people who are not happy with this aspect of the service offered by Fortinet. Often your problem is diverted to local partners and I have to say that I had mixed results with them. While some partners are professional, many are not skilled enough and have costs that are not equivalent to their quality.”

— Fabrizio Volpe


“Fortinet policies are built between zones or interface to interface. This can result in duplicates being installed without warnings, resulting in policy auditing issues.

Another issue is that FortiGate does not support NetFlow; only sFlow is supported.”

— Simon Chaba

cisco asa reviews
Question: “What Are Cisco ASA’s Most Valuable Features?”

“I especially value Change Management and Compliance. They are most valuable because we are required to comply with regulations regarding credit card processing (PCI) and protecting patient data (HIPAA).”

— Eric Garcia


“Outstanding NGFW capabilities, site-to-site VPNs and High Availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.”

— Alberto E. Luna Rodriguez

Question: “Where Do You See Room for Improvement in Cisco ASA?”

“Only problem, in my opinion, is ease of use. You really need to know your way around the CLI and complex feature set to get things working. The ASDM GUI is good for some things but for the most part, you’ll need to stick to the CLI which is a bit difficult, especially if you don’t have a lot of experience around Cisco equipment.”

— Alberto E. Luna Rodriguez

“There are many areas for improvement despite the fact that we love the product, but because it is a newer version we’ve been working out lots of issues. Some of those issues are based on our environment.”

— Eric Garcia

palo alto networks wildfire reviews
Question: “What Are Palo Alto Networks Wildfire’s Most Valuable Features?”
  • App-ID
  • User-ID
  • Ease of deployment and usability
  • Filtering Mechanism like SP3 Engine

“From a technical perspective, this has given us a new high as this is how a technology solution should function.

From a sales perspective, we have been able to pitch the solution to new customers as it seems cheap to customers when we bundle the solution, compared to getting each device for individual functions.”

— Girish Vyas

Question: “Where Do You See Room for Improvement in Palo Alto Networks Wildfire?”
  • IP SLA tracking
  • GRE tunnel support

“I believe these are the major improvements in the pipeline.”

“In addition,” adds Vyas, “It crashes too frequently for a few boxes, which could be expected from a new vendor as it evolves.”

— Girish Vyas

pfsense reviews
Question: “What are pfSense’s Most Valuable Features?”
  • Fail-over between multiple ISPs
  • Firewall
  • Graphs
  • Real-time interface monitoring
  • The web UI gives you an overview of everything you want to see
  • For an open-source solution, it has performed fantastically
  • OSPF
  • It contains loads of optional packages, e.g. Snort (IDS), Asterisk (PBX), network monitors etc.
— Dania Seun
Question: “Where Do You See Room for Improvement in pfSense?”

“Whenever a new version rolls out, there are hidden bugs. That’s why we normally run a version behind for a little while before rolling into the current build.”

— John Crabtree

sophos utm reviews
Question: “What are Sophos UTM’s Most Valuable Features?”

“The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars.

They just introduced the Sandstorm system for protection, which is awesome as well.”

— Juan C. Sanchez Pignalosa


“The Sophos UTM products helped us manage a global network of more than 20 sites.

Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network.

We chose the product initially because the user interface was simple to understand and made sense without requiring a long training course for an experienced network engineer to utilize.”

— Karim Kronfli

Question: “Where Do You See Room for Improvement in Sophos UTM?”

“Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside a specific timeframe, or vice versa.”

— Juan C. Sanchez Pignalosa


Interested in learning what other IT Central Station users have to say about Firewalls?

Read more Firewall reviews on IT Central Station.

New: What are Enterprise Tech Users Asking About Firewalls in 2017?

At IT Central Station, 7,161 users follow the category of firewall reviews and questions published by enterprise tech professionals. As of March 2017, our firewall user reviews have been viewed over 381,820 times.

Terry Stokes, an Information Technology Manager at a Healthcare company, asked the following question in our firewalls user community:

Asked in March 2017:

“What do you recommend for a corporate firewall implementation? I have six geographically dispersed locations.”

Question Background: “I have a web-based firewall solution from our telecom vendor which is not user-friendly nor does it show you the traffic on the firewall.

I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation?”

Read top answers to Terry’s question, as published by our users:

Sean Akers, DevOps Engineer:

“The original question did mention ease of use, showing throughput, and the need to connect several regions, which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.

If you know what you’re doing then I’d go with pfSense. Powerful and affordable (free even if you can do without the support).

We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data center rack.

Having spent a long time with Cisco ASAs I’d certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they’re rather good if you know what you’re doing.”

Rrahul Hansuka:

“Fortigate Firewalls are best suited for these purposes. You may select the appropriate model either by comparing specs on their website or talking to one of their consultants. The only shortfall with Fortigate is that one needs to be trained to configure and manage these devices. So, you either learn it yourself or sign up a support partner. Online support is not very great for setting the device up. But, pretty quick and efficient in helping resolve specific issues faced.”

Musavir Sheikh, Senior Network Engineer:

“I think you can use Fortigate Firewall, Barracuda WebFilter Firewall. They are user-friendly and you can generate an efficient report etc. We are also using Fortigate 310B for web filtering.”

Nigel Williamson:

“If you are not a regular firewall service manager and this is a first-run into the corporate firewall systems, I might suggest Check Point solutions as a first name in easy to learn and quick to get up and running appliances. Check Point takes a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.”

Fred Fish, Network Administrator:

“I’ve been running Cyberoam (now Sophos Cyberoam UTM) for over 10 years for my firewalls. I’ve really enjoyed the Cyberoam Support over the years; those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility into the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.”

Michael Wing, Network Engineer:

“There are a few questions I would ask myself first before choosing a firewall vendor. They would be as follows:

  1. What is the budget for the hardware?
  2. What kind of connectivity is present at each site (e.g. DSL, IPVPN, Leased Line, 3G/4G etc.)?
  3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc.)?
  4. What throughput is needed per site?
  5. Do you require more advanced UTM functionality to secure/protect internal infrastructure?

If you can pinpoint these you’re on a good course to selecting a vendor.

To name but a few, my personal preference would be:

Cisco Meraki (if you want to have a cloud managed SD-WAN solution)

  • Expensive based on throughput
  • Very nice interface, lots and lots of detail about traffic on your network requires licensing (OpEx costs as cloud based).
  • SD-WAN ready out of the box (really read into this as the benefits aren’t as peachy as they may first seem), it’s Cisco so a very steep learning curve.
  • Very feature rich.

FortiNet (if you need UTM/Application firewall)

  • Cost effective.
  • One of the top vendors in the Gartner Magic Quadrant.
  • A very nice interface, learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Check Point but in the same league all throughout the product range).
  • FortiNet has a full security fabric, so in the future, if you’re looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load Balancers, Traffic Analysers, access switches, Cloud-based network logging etc., they have solutions for this that seamlessly integrate.


  • Basic Firewall VPN and access rule functionality.
  • Cost effective: does what it says on the tin VPN standard firewall policies.
  • Not used personally but have customers who do, look extremely simple to setup and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what’s on the tin in a basic way.”

Read our full collection of firewall reviews.