What users love (and hate) about 4 leading firewall solutions

While always an integral part of a company’s security procedures, firewalls are becoming even more important as more companies move to the cloud and software defined networks.

A firewall is a network security system that controls and monitors incoming and outgoing network traffic, based on preset security parameters. Firewalls create a barrier between a secure internal network and a potentially less-secure outside network.

Four of the top firewall solutions on the market are Fortinet FortiGate, Cisco ASA, Sophos UTM and Palo Alto Networks WildFire, according to online reviews by enterprise users in the IT Central Station community.

But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.

Editor’s note: These reviews of select firewall solutions come from the IT Central Station community. They are the opinions of the users and are based on their own experiences.

Fortinet FortiGate

Valuable features

Policy control, web filtering, and the application filter works smoothly. Controlling and tracing with the web console works nicely for Windows systems. [It has] better QoS than Checkpoint, I believe. — Manan P., Network Engineer at a tech services company

It’s version of throughput is good. It has a strong active cluster, as you can have between three and 32 units to a cluster. — Adithyo W., Network Security Infrastructure – Tech Specialist at a tech services company

I am using different features of this product but the most valuable are – SSL VPN, Web filter, Explicit proxy, IPS, Application control and Routing. — Zain R., Senior Information Security Engineer at a tech services company.

Room for improvement

I’m happy with the product, however the licensing fees could be lower. — Marcin W., Senior NetOps Engineer at a tech services company

Its web interface needs to be more stable, and more functional, through the variety of browsers. Additionally a nice add-on would be a “diagnostic sniffer” capability in the web interface. — Achilleas G., IP Senior Engineer at a comms service provider

I’d like to see an improvement in the Bandwidth Management and Traffic limit control. — Mohammed A., IT Network Engineer at a energy/utilities company.

Read more FortiGate reviews on IT Central Station

Cisco ASA

Valuable features

It blocks all outside to inside traffic and only permits the specific internet traffic from the outside. VPN functionality is very useful, we can create remote access and tunnel VPN in the simplest way. — Rizwan S., Network Security Consultant at a tech services company

It’s a great solution that amalgamates a firewall and VPN into one device. It also has a well organized GUI- ASDM. — Bratislav V., System/Network administrator at a software R&D company

Room for improvement

The configuration/management interface is complex and can be confusing. Technical documentation is often sparse and can be incomplete when covering specific implementations. — SecurityArch819, Global Security Architect/Perimeter Systems Administration/Active Directory and System Administrator at a retailer

The ASA has room for improvement in the areas of layers four through seven. I would love to see application specific control, e.g.Facebook, Gmail, etc. — Jason B., Senior Network Architect/Owner at a tech services company

They should make the ASA accessible via the web instead of ASDM. Also, a big improvement is needed on the transparent mode. — Bagus P., Security Engineer at a tech services company

Read more Cisco ASA reviews on IT Central Station.

Sophos UTM

Valuable features

Valuable Features include Sophos Remote Access VPN, Country Based Firewall, Web Application Firewall, Ease of access (via browser) and Reporting. — Sanket D., Founder at a tech services company

The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. — Juan S., CEO and Founder at a tech services company

Valuable features include: reliability, usability, number of features that fully cover goals, perfect support and the possibility to get “under the hood”. — Gregory O., Systems Engineer at a tech services company

Room for improvement

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN. — Jeff B., Network Engineer II at a legal firm

The unit offers great failover and load balancing features that can be complex to understand, some streamlining of the process would help. — David D., CEO, Technologist at a tech services company

HA needs to be improved for the software appliance because if Sophos is deployed in ESXI/Hyper-V then the HA is unstable. Also, the web application firewall only allows the use of ports 80 and 443, and if we could use others ports than that would be a welcome addition. — Arnold B., IT/Telecom Specialist at a comms service provider

Read more Sophos UTM reviews on IT Central Station.

Palo Alto Networks Wildfire

Valuable features

It can do sandboxing on the premises, and it can be directly integrated with Palo Alto NGFW. The malware information on the file that has been sandboxing will be directly updated to the Palo Alto NGFW, and added to the Palo Alto Networks NGFW malware signature library. — Saia647, IT Security Engineer at a tech services company

It has one of the best WebUIs that I have used, because at a glance looks simple, but offers us a lot of options to secure all the traffic that is passing through the device (or all traffic that the user decides to pass through). — Jesús A., Presales Technical Consultant at a tech services company

App-ID User-I.D, ease of deployment, usability and the filtering mechanism like SP3 Engine. — Girish V., Senior Service Delivery Engineer at a comms service provider

Room for improvement

Inspection over different protocols (not just HTTP/FTP) Inspecting more file types Providing information back to the community that it uses to support its product. — Eric M., Chief Information Security Officer at a financial services firm

I’d like to see a wizard to create IPSec VPNs. They need to improve the graphics to show the network behavior. — Jesús A., Presales Technical Consultant at a tech services company

IP SLA tracking GRE tunnel support. I believe these are the major improvements in the pipeline. — Girish V., Senior Service Delivery Engineer at a comms service provider

Read more Palo Alto Networks Wildfire reviews on IT Central Station.