Cisco vs the world of firewalls

Our engineers have a fair amount of experience with SonicWall, a small amount with Cisco PIX, and a large amount with WatchGuard.  We are fairly new to the Cisco, but felt we needed to go there due to market demands and having end to end solutions.  However, I'm hearing over and over again that the Cisco is MUCH harder to configure to do the same thing as a WatchGuard, and sometimes misses functionality that we've taken for granted in a WG.  Are these feelings simply a matter of not having the proper experience/training yet in Cisco, or is this simply the way it is?  If it's just the way it is, why does Cisco have the market share that it does?
Chuck BrownAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I personally don't find the PIX all that complicated, but that comes with experience. It only takes a few minutes to get up and running with a basic config. The new GUI takes some getting used to, but it does have some good wizards to help out.
There are some things the PIX won't do, but I don't know what specifically you are talking about. The PIX is designed ground-up to be one thing - a great firewall. It won't do web filtering or email filtering, or inline anti-virus.
What features are you worried about that you have taken for granted?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chuck BrownAuthor Commented:
One example:  We have a customer that has 5 remote sites.  We put in a 515 at the head end and 501's at each remote, and set up site to site vpn's.  We are putting in SurfControl at the main branch, and wanted to force all of the remotes to go through the main site to be filtered;  yes, this is a redundant use of bandwidth, but since the sites are very small (1-2 workstations at each one), and their net browsing should be minimal, isn't a big deal.  Unfortunately, according to Cisco, this requires a router at the head end, because the pix's are designed to route the traffic back out the same port it came in... With a WatchGuard, this would have been trivial.  With a PIX, it's an extra $$$.
Hello clbrownjr,
I am pretty much in the same boat as you. I have setup many watchguards, Pixes, sonicwalls, and netscreens. I can tell you will 1000% certaintly, netscreens are the best.
Not only to they do much much more than any of the others, but some of the features make them the killer choice... example traffic shaping and garanteed bandwidth... Apps being sufficated? assign the app policies as high priority, browsing and other crap...low... end of story.  Not only are they even more simple to understand than Watchguard, they offer better protrections, and dont require apps or PC logging stations.. They are also 100% rock solid, never bug out or fail, like watchguard. JMO.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.