Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Cisco Secure Firewall is 5.8%, up from 5.5% compared to the previous year. The mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.4%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.
EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
AmjadKhan1 - PeerSpot reviewer
Provides inline protection with a unified view and anti-spyware capabilities
I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its efficiency and security are the most important. We are more efficient and more secure."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Cisco ASA has an okay CLI with a nice GUI."
"The high-availability and remote VPN features are most valuable."
"The greatest benefit for the organization is the confidence that we are secured."
"Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice."
"The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."
"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
"The security fabric is excellent."
"The technical support in our region is excellent."
"The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall."
"The notable features that I have found most valuable are that it includes the antivirus, and also IPS, and even SD-WAN."
"The integration with Active Directory is one of the good features. Most of the customers are now looking for the Single Sign-on feature. So, being able to integrate Active Directory with the firewall is useful. It is also easy."
"The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently."
"The most valuable features are the policies, filtering, and configuration."
"The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup."
"I like all the functions and features."
"The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
"We utilize nearly all the features of Palo Alto Networks NG Firewalls, including threat detection and anti-spyware capabilities."
"GlobalProtect and App-ID features are very good."
"They are regularly releasing new versions that include more integration with third-party services."
"The management options are good."
"The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention."
"You just need a web browser to manage it, unlike Cisco, which requires another management system."
 

Cons

"The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco."
"One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available."
"The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters."
"We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls."
"FMC could be improved because management with FMC is quite difficult compared to using Firepower web-based management."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"There's always something new that can be added or fixed."
"The routing capability on the FortiGate devices has room for improvement."
"At first glance, the interface for the device is very confusing."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"Difficult to add or define, and not that easy to configure and manage."
"The feature which gives us a lot of pain is ASIC architecture."
"Technical support needs to be improved."
"I think there could be more QoS features"
"The bugs can be improved."
"The pricing could be improved upon."
"There is room for improvement in the area of customer service."
"Technical support could be faster."
"We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
"Personally, I feel that their dashboards for reporting and things like that need some improvement."
"It is working well. In my opinion, nothing can be added at this time. However, when it comes to the cost, Palo Alto firewalls are the most expensive."
 

Pricing and Cost Advice

"Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year."
"The cost of this solution is high."
"The solution’s pricing could be lower."
"The solution was chosen because of its price compared to other similar solutions."
"Cisco is not really cheap, but there is great technology behind it."
"Cisco recently has become very expensive."
"The enterprise agreement that we have has helped with the pricing because it allows us to consume licensing in more of a consumption model versus a per-user type model. That has helped us a lot."
"There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device."
"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."
"We pay for the solution annually."
"Its licenses cost the same for different subscription plans."
"Fortinet FortiGate allows you to purchase licenses for hardware and software."
"If the price of the license in Fortinet FortiGate was less expensive it would be better."
"On a scale of one being cheap and ten being expensive, I rate the tool's price as an eight."
"The price is okay."
"FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions."
"The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls"
"It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls."
"Licensing is a big issue for us because of the complexity and the lack of engagement from Palo Alto. It has been hard to talk with them as we don't get the best answers."
"It is very expensive. You pay for a year."
"This is an expensive product, which is why some of our customers don't adopt it."
"After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
"Palo Alto Networks NG Firewalls are expensive compared to other firewalls such as FortiGate Next Generation Firewall."
"Palo Alto Networks NG Firewalls are expensive compared to other solutions."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Comparison Review

it_user216600 - PeerSpot reviewer
Jan 3, 2016
Sophos UTM vs. Fortinet FortiGate
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main…
 

Top Industries

By visitors reading reviews
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Fortigate 60d vs. Meraki MX67 for a small company without a dedicated IT Department
We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL I...
What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
 

Also Known As

Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
 

Overview

 

Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: March 2025.
845,406 professionals have used our research since 2012.