Huawei NGFW Reviews

We use them in the B2B segment, data centers, and the Internet segment with NGFW features like routing and searching.

For threat prevention, the most effective features are IPS, antivirus, and cloud sandboxing.

Huawei Firewall, in terms of intrusion detection capabilities, is good based on the GUI application. Some features are good. They are penetrating the Middle East and Asian markets, though not as much in other regions. Most of our financial customers are government clients.

We have used the Huawei firewall, especially in B2B. The VPN feature is very effective and easy to deploy.

Based on the threat prevention signatures, they need updates. They should add some machine learning features and Machine learning detection.

In future releases, I would like to see improvements in CDR technology. Forcepoint is pitching CDR technology, which extends sandboxing. Configuring data on the console needs enhancement. 

Huawei also need to improve spam techniques and add a web application firewall. Currently, Huawei does not have a built-in web application firewall (WAF) like Fortinet does.

Tools like SIEM, SOAR, and Tenable can be integrated, but they require additional setup and should be integrated via API.

For external threat detection, using the TAXII or STIX protocol, would be an improvement over the current features.

I've worked with various Huawei technologies. I've used the Huawei USB server, Cloud Engine Switches (similar to Nexus), and Data Center Switches. We also have experience with the M series, which is comparable to VPC.

I have experience with Huawei NGFW, and I have been using it for four years. 

The stability is fine. I would rate the stability a nine out of ten. 

Most of our customers are enterprises, especially in banking and finance. We don't have SMB customers.

We have different platforms for security. The support includes FortiGate as well, with capacities like 100G and 24G. The features are based on the throughput and the selected platform. The solution is scalable if it's not undersized or improperly designed. The hardware is based on cluster strength. 

For data center firewalls, we can deploy three or more firewalls, making it very scalable. Most firewalls are defined by changing two boxes, but data centers can use one to four firewalls, with one being the director and the others as backups.

I would rate the scalability an eight out of ten because other firewalls can deploy the cluster with eight boxes.

The customer service and support needs to be improved. Financial customers require urgent support so multiple support centers should be there. 

This differs from Cisco's support. There should be multiple support centers. Currently, the support center is only available in Egypt, not in Dubai or India. 

While there is 24/7 support, there's a language barrier, as the Egyptian agents have limited English proficiency. Every support call involves a Chinese engineer, and if they aren't available, troubleshooting becomes impossible. This language barrier is an issue.

We are a system integrator working with different firewalls like Forcepoint and Fortinet. Compared to these, Huawei is less expensive but not as effective in threat prevention environments as Palo Alto, Forcepoint, and Fortinet.

Palo Alto and Fortinet are better than Huawei. We prefer Fortinet and Forcepoint for their end-to-end capabilities. 

They have advanced user behavior detection and detailed log support, which other firewalls do better than Huawei.

For me, the experience with the initial setup is a ten out of ten because I have experience with Huawei. It’s based on learning.

For beginners, it's around five out of ten, with one being difficult and ten being easy. 

It is on a virtual platform and on-premises. No other cloud platform or Azure server.

The deployment time depends on the customer's requirements. If we have deployed in B2B, the VPN task can be done in Huawei in about 15 to 30 minutes. The network might be blocked from troubleshooting, but it's not our configuration plan. Overall, whether it's Cisco, Huawei, or Fortinet, it depends on the configuration and troubleshooting time, which involves multiple checks.

I am an implementation engineer/service migration engineer. I have 30+ years of experience. I also work with partners and professionals as well.

It's very cheap. It's significantly cheaper than Cisco. If a Cisco license costs $100, the Huawei equivalent is about $10. That's the difference.

It can be deployed in B2B and data center segments. It's not suitable for internet-facing firewalls, as it needs to improve application filtering, identification, authentication, controlling, machine learning, and multiple detection processes. 

Huawei's firewall can be used in B2B and data center segments because data center firewalls still require traditional flows. We can't impose next-generation firewall features in a VPN data center. However, next-generation firewall capabilities are needed for internet edges and IBM internet access. 

While Huawei's firewall is impressive, the next-generation firewall features need improvement. Overall, I would rate the solution a seven out of ten.

I am working as a solution architect in my organization. Whenever we design a total network infrastructure, for ensuring the overall network security, we provide the firewall. 

If the client is asking for an internet firewall, we provide them with one. If they aren't using it for the internet, we offer them separate solutions. The reason behind offering Huawei firewall is strictly based on the customer requirements, and sometimes they want the brand. 

We also have a target to meet since we are a partner, so we pitch them.

The operational management dashboard is easy to use for the customers.

Huawei should improve their threat intelligence. They need to have a more diversified platform and continuously update it with information from all vendors. Without diversified threat intelligence, it is challenging to survive in the market.

I have about three years of experience working with the solution.

On a scale of one to ten, I can give it a seven out of ten.

In terms of scalability, I'd rate it six out of ten.

Technical support from Huawei is a ten. They are frequently engaged with global teams.

Positive

I am not engaged in the implementation part, so I cannot say how complicated it is compared to other solutions to implement or configure.

The ROI has been quite good. They offer a minimum of three years, including a warranty. I have seen customers use it for at least five years without any problems. 

For security products, they have a good amount of lifetime support, and some devices will be supported up to 2031. I believe if they provide updates for security patches and software updates for at least six to seven years, it's a good product.

The pricing is quite cheap compared to other NGFWs like Palo Alto or Cisco.

Based on my experience, I would recommend Huawei NGFW to other people.

I'd rate the solution eight out of ten.

We started with the first firewall sale about eight years ago. In Argentina, they didn't use Huawei firewalls back then, so it was hard to sell them. But now we have many firewalls. For example, one of our customers has a network with branch offices using Huawei firewalls.

They have a big firewall in the central office and use VPNs to establish connections between the branches and the central office. They also use features like antivirus, content inspection, and firewall inspections implemented in hardware.

One of the best things about Huawei NGFW is its ability to integrate Azure solutions. Every year, we can add new features to the firewall. The key advantage is the integration across the entire network, so it doesn't work in isolation. For example, we can manage everything with features like the secret manager or analytic IDs. The solution is straightforward. It can also detect intrusions.

Another significant aspect is the challenge of managing internet usage among both customers and employees. Sometimes, maintaining control over the websites accessed by employees can prove difficult. 

One issue we've encountered with Huawei NGFW is that after using a firewall for two or three years, we need to replace it. The new firewalls often have more features and better memory or throughput. However, sometimes, they lack some features that the old ones had.

Huawei NGFW sells new products quickly without fully developing them. So, when the new firewalls come out, they may not have all the features the old ones had. We can't tell our customers this. The problem is that the end-of-life for the old products is often very near, or it's already here, and we don't have the fully-featured new product to replace it.

Security is an investment, and it's very important to have. It's one of those areas where you have to spend money. You might not see immediate financial returns, but you can face major problems without proper security.

Brands like Fortinet and Check Point are more specific about security. Huawei NGFW has many products. I rate the overall solution a seven out of ten. 

Our customers are enterprises and data centers. We have many customers, such as in education verticals, ISP branch offices, and data centers, where the solution can integrate with our SDM solution.

Huawei's MDM solution integrates everything. It can integrate with the existing switching, the SD-WAN, the firewall, and other optical solutions. The benefit of having the Huawei service was that we could manage end-to-end. We didn't need separate controllers for each product line, which was one of the biggest benefits. From one portal, we can manage different types of LAN and security devices, and also RAS networks.

The solution's performance is good with IPSec. IPSec's capacity for Huawei Firewalls was much better than most of the vendors. What happens in Fortinet is when we see the overall switching capacity and the next-generation firewall throughput, there is a big gap. Maybe the overall switching capacity is 20 gigs, but the NGFW throughput is only two gigs. With Huawei, this difference is very little. Many of the features are implemented in the hardware. When we enable it, the firewall capacity does not go down by a big margin. This is something we look forward to, which is better. Huawei also has better core density, so we see a lot of 100G ports and 10G ports available with us. The solution is easy and convenient, and we don't need extra switches to deploy the solution in the network.

There are some limitations to the solution. The WAF capability in the Huawei Firewall is missing.

I have worked with the solution for three years. We are working with the latest version.

The solution is stable. We have hardly had any issues reported in many years from the areas we have deployed.

Hardware firewalls have specific hardware performance. If we must move to another one, we must replace the box. In hardware appliances, scalability is very restrictive for every vendor.

The global TAT is good, but we need more resources locally.

Neutral

The solution is easy to set up and implement because Huawei has provisions for Xero Dash.

Most of the time, we deploy an independent one because small customers don't have controllers. The traditional way is to configure the IP scheme and make certain ports belong to certain zones, make the policies between them, and set up tunnels if required.

One staff member is enough to deploy the solution. The solution is also easy to maintain.

Huawei is priced lower than most competitors. It is one of the most economical price slabs. Normally, these firewalls' equipment is not sold individually. People usually buy enterprise equipment like WiFi devices, PoE switches, and firewalls. In these cases, Huawei offers very good discounts.

Huawei has two more solutions that they call HiSec Insight, which performs correlations between InSec. It's a big data analytics tool that can be integrated, but the problem is that in the Pakistani market especially, very few people are using it. The solution is there, but its implementation is not widely deployed.

Compared to other vendors, one of the cons with Huawei is that the WAF capability is missing.

The latest version of the Huawei firewall, such as the F series, requires some time because some features need to be developed over time because they have recently been upgraded. Their last version, the E version, was very stable, but they'll need some time for the F series to mature the software and add more features.

I rate Huawei NGFW a seven out of ten.

We use the solution to protect the network by filtering incoming internet traffic.

The solution is easy to manage and has the best dashboard features.

There needs to be more security equipment for the solution. Also, the local support team could be more skilled in resolving the errors.

We have been using the solution for one and a half years.

It is a stable solution.

The solution's local support team could have better skills to resolve the errors. Also, our organization has 72-100 technical executives to provide support services for different user levels.

The solution's initial setup process is easy.

The solution is inexpensive.

I rate the solution a five out of ten. Its malware management feature could be better in terms of security than Fortinet.

The product is my organization’s data center firewall. We have multiple virtual systems for different segments of the data center, and we deploy different internal and external policies for DMZ networks, public networks, internal networks, and internal users.

We have deployed the solution in our organization for segment-level security. It enables us to configure different policies and restrictions for specific users within the same subnet.

The product enables us to create different virtual systems for different segments.

In other next-generation firewalls, if you are creating virtual systems, they will create separate hardware resources for different virtual systems. Other products will create a different routing table when we create a routing protocol. In Huawei, the routing table, control plan, and data plan will share the resources.

Every virtual system should have separate resources, routing tables, and hardware resources. We have created multiple segments and virtual systems, and we don't want one segment to communicate with another. The product must divide the virtual firewalls with different utilization systems. The hardware, routing switch, and security bundle should be separate and different.

The solution does not have sandboxing features. It should provide a sandboxing solution. It should also work on zero-day attacks. The solution should be comparable with the products provided by Palo Alto, Check Point, and Cisco.

Right now, I am deploying the USG6500 series in my organization.

I rate the product’s stability a nine out of ten.

I rate the solution’s scalability an eight and a half out of ten. Around 400 people in my organization, including telecom operators and internet service providers, use the product. We use the solution 24/7.

If we have any issues, we contact our local vendor, who creates tickets with the support team. The issue is resolved on time.

We also use Palo Alto, Cisco, Juniper, SonicWall, Hillstone and Fortinet.

The initial setup is easy. I rate the ease of setup a seven and a half out of ten.

It took us seven to eight months to deploy the product. We use the help of third-party vendors to deploy the solution. After deployment, if we face any issues, we can contact the vendors, who will respond within an hour. 

We needed two or three cybersecurity and IT professionals to deploy the solution. We require three people to maintain the solution. We have acquired a three-year 24/7 support and SLAs with our local vendor.

I rate the pricing a five out of ten.

We evaluated other options and chose the product that would be cost-effective.

We are a regulatory authority in Pakistan. We are a government entity, and we specifically look into the cybersecurity of the country. Overall, I rate the solution an eight and a half out of ten.

We use the solution for network monitoring.

We can set up the tool virtually before implementing it. It supports AI.

I stopped using the tool because it didn't meet my expectations. I tried integrating the solution with Arista’s Edge Threat tool, but it had a lot of problems. The tool lacks features.

I have been using the solution for two months.

The product is stable.

I recommend Huawei for SMBs.

The support is not bad.

The setup is quite easy. We can set up and configure everything virtually before we do it physically. The time taken for deployment depends on the size of the environment. It took us a few hours to deploy the tool in our organization.

Huawei is 30% cheaper than Arista.

Arista is a better solution, but it is too expensive. Arista provides email phishing features. Arista is a better choice for big companies that have branches in different states. I wanted to integrate a firewall that could link to a different network in a different nation. Arista would have worked better, but it was so expensive. Arista also supports AI. I used Huawei in my organization because, at the time, it was giving me what I needed. It let me set it up virtually before it could be physically set up.

If the product adds more features, I can rate it a ten out of ten. Overall, I rate the product a seven out of ten.

We use USG6635 for our DC core and the other one, USG6621, is for our internet edge.

We didn't face any compatibility issues with the Huawei Firewall. In our environment, there are no compatibility issues. We are using Huawei as a core technology environment for routing, switching, et cetera.

We have found the initial setup to be straightforward. 

It is a scalable solution.

The feature set is rich. They already provide more features than any other product on the market right now.

Technical support is excellent. 

We are facing some session problems when we are using it in the DC core. Its behavior is abrupt. Sometimes it's working great and sometimes, the session gets stuck, and it would not kill automatically.

You need to restart or reset the firewall, and it'll work for over one or two months. Then it happens again, the session problems. There's something wrong with that version, maybe.

That happens only with the EMC query.

The user interface could be more user-friendly. We need to dig down some major features like SSL VPN and IPsec VPN. We need to dig into the features and then the sub interfaces to configure it for our environment. 

We do see many false positives. Security features are not up to the mark for the enterprise level as yet.

We have been working on the solution for more than one and a half years. 

It's not as stable as other products. We are facing some problems every one or more than two months. We need to reset the firewall device we are using every few months. This is a continuous, ongoing issue. 

It's scalable. We don't find any problem with the integration within our environment, and we don't find any complications or any kind of problems with scaling down or up.

We have about 500 users on the solution at any given time. 

The support is great. We always get a prompt response from them, and they try to resolve our problems as soon as possible, in their capability and at their level. 

Currently, we are working on Fortinet and Huawei. I find Fortinet to be better, however. 

It's pretty straightforward to set up as per our environment, however, as far as some features, the IPsec and then the SSL encryption are concerned, it can be tricky. We need to go deeper to explore the options.

We are configuring the solution in-house. We have a team available for installing the setup.  We need some kind of support for the initial training on the setup by the vendor, however. In our environment, we always take some training before the deployment of any product or any technology.

Since we are a charity organization in our region, the prices for the renewal costs are a little bit higher than the initial product cost. The pricing is a bit above average.

We are using an additional feature as a WAF. This is beyond the standard license. 

Other than the stability and the user-friendly environment, there's no problem with this Huawei product. Huawei needs to work on product stability in terms of firmware and some kind of feature sets. That said, it's not bad. 

I'd rate the solution seven out of ten. 

We use the product as a firewall.

All the features are valuable. My customers are satisfied with the solution. The tool helps us to integrate with other brands.

The IPS feature must be improved.

I have been using the solution for four and a half years. I am working with multiple versions of the tool.

I rate the tool’s stability a seven out of ten. Sometimes, we have problems with stability.

I rate the product’s scalability a seven or eight out of ten. Sometimes, we have problems with scalability. Our customers are medium and enterprise-level businesses.

The product is easy to configure and deploy. Our technical people do not see any difficulties in deployment. The deployment takes a few days. Most customers don't buy a single unit of firewall. They buy multiple firewalls.

The tool was cheaper before. Now, there are cheaper firewalls in the market. I rate the pricing a six or seven out of ten on a scale where one is cheap and ten is expensive. We pay a yearly licensing fee for the solution. There are no additional costs associated with the product.

I would recommend the solution to others. Overall, I rate the tool an eight out of ten.

I am impressed with the product's antivirus features, strong encryption, policy implementation and easier installation. 

The tool does not have web functionality. It needs to also have high end firewalls. 

I have been working with the product since 2017. 

I would rate the solution's scalability an eight out of ten.

I would rate the solution's scalability a nine out of ten. It has no issues with scalability since they have different options. 

The solution's initial setup is easy. 

My clients manage the deployment themselves. 

The product is mostly for enterprises. I would rate it an eight out of ten.