Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

 

Comparison Buyer's Guide

Executive Summary
 

Mindshare comparison

As of November 2024, in the Firewalls category, the mindshare of Cisco Secure Firewall is 5.7%, down from 6.0% compared to the previous year. The mindshare of Fortinet FortiGate is 19.8%, up from 17.1% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.3%, up from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Daniel Going - PeerSpot reviewer
Jun 26, 2022
Is intuitive in terms of troubleshooting, easy to consume, and stable
We use it for data center security for both the north-south and east-west. With Firepower, you get the next-generation functionality and the next-generation firewall features. Traditionally, when you have a layer three access list, it's really tricky to get the flexibility you need to allow staff…
DineshKumar28 - PeerSpot reviewer
Sep 25, 2024
Effective threat prevention with responsive customer support
We are using Fortinet FortiGate as a firewall Fortinet FortiGate has been invaluable. It has helped save costs due to its various features, reliable performance, very good UI, low latency, and stability. The Threat Intel engine in Fortinet FortiGate is highly rated for its effectiveness in…
Simon Webster - PeerSpot reviewer
Aug 16, 2022
We get reports back from WildFire on a minute-by-minute basis
The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale. I know this little section here about the firewall, but I know there is a huge amount that still could be done with it. I am not touching enough of it because I just don't know how. It seems like the more I learn about it, the more I learn that there is to learn

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform."
"The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market."
"The configuration capabilities and the integration with other tools are the most valuable features. I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure."
"The most valuable feature we have found to be the VPN because we use it often."
"A stable and solid solution for protection from external threats and for VPN connections."
"I think that the firewall feature is the most valuable to me as it is one of the oldest features for this solution. We also appreciate how stable the VPN is."
"For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with."
"Since the product is stable, we do not have to spend additional money to buy other firewalls. Once deployed, we can use the product for a long time. Thus, it is cost effective."
"The most valuable feature of FortiGate is FortiView which provides proactive monitoring."
"The next-gen features, the unified threat management capabilities are something that just about everybody is interested in at this point."
"Layer-3 firewall and routing are the most valuable features."
"Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution."
"The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently."
"The technical support is great."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"Security, SD-WAN, and Streetscape are valuable features."
"Security is the biggest thing nowadays, including threat response, incident response, and root cause. We found that a lot of the logging and dashboard capabilities offered by Palo Alto fill the missing skill gap that you run up against. It makes it easier for our tier-two staff to get involved in some of the deeper root cause analysis. The dashboards, logs, and reports make it easier for our staff to dive right in and not get lost in what tools they should use. It's easy because they're all right there."
"Decryption is one of Palo Alto Networks NG Firewalls' best features because we can decrypt by category. For instance, we can decrypt everything except for bank traffic so that we don't interfere with the passwords and two-factor authentication of those checking their bank accounts at work. We can still monitor for malware and other threats that come through a secure channel. It's seamless for users. The URL filtering and IPS are both great as well."
"In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security."
"The basic configuration will only take 15 minutes to set up"
"The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
"AI and machine learning are valuable aspects."
"Flexible and integrates well with apps and other security tools."
"The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently."
 

Cons

"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
"Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility."
"It is a good firewall, though not NextGen."
"The virtual firewalls don't work very well with Cisco AnyConnect."
"The configuration is an area that needs improvement."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."
"The product's user interface is an area with certain shortcomings where improvements are required."
"There could be more integration between the logging and analytical platforms to make it more seamless and integrated."
"We would like to see a better training platform implemented."
"I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it."
"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."
"I would like to see more advanced developments of a wireless controller in the future."
"The process of configuring firewall rules appears excessively complex."
"In the balance between links feature normally you can just choose one option to balance. It would be better for the solution to have more than one option, preferably three."
"The solution could be more user friendly."
"When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint."
"Sometimes some of the applications the customer has do not respond as they normally should."
"In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive."
"I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports."
"The machine learning feature, with its continuous potential for improvement, directly enhances the security of Palo Alto Networks NG Firewalls."
"Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved."
"Most other VPN clients include mobile VPNs but Palo Alto does not."
"The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that."
 

Pricing and Cost Advice

"The price of this solution is not good or bad."
"Cisco is not really cheap, but there is great technology behind it."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The pricing and licensing are getting more complicated, and I'd like that to be simpler."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"It's very competitive with other products."
"We pay about €2,000 ($2,400 USD) per year for licensing."
"Each feature costs money, so it is important to study your needs."
"The initial setup is super straight forward and as far as the licensing goes for the small product that we have, the pricing was pretty competitive. It wasn't as simple and as cheap as a SonicWall but for the service we would get it was a good price."
"Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."
"If you compare Fortinet FortiGate with Sophos and other firewall products available in the market, this solution is affordable."
"A year or two years back, its price was competitive and reasonable. That was one of the reasons that people easily switched to Fortinet. Over the last two years, the prices have increased drastically. However, the prices of others have also increased. An advantage is there from the price point but not as much as it was previously."
"The price is fair compared to the other competitors."
"The price for the Fortinet FortiGate is reasonable. Secure SD-WAN is free of charge. If you have their firewall, it's free of charge. It's very tempting."
"The price could be lower."
"Unfortunately, Palo Alto Networks products aren't cheap, but you have to pay the price for good security technology. I don't know the exact price, but it's about $10,000 to $15,000 without a subscription. Cisco is priced similarly. FortiGate is inexpensive in Poland, so a lot of customers prefer that. Though it's pricey, customers ultimately realize Palo Alto is the best security solution because it's stable and the network security functions are practical. Cisco has some problems from time to time, but I feel comfortable with Palo Alto Networks."
"This solution is quite expensive."
"It's pretty good."
"Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities."
"The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it."
"After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
"Don't buy a device with more power than you really need, because licensing depends on the cost of the box you have."
"We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

it_user216600 - PeerSpot reviewer
Jan 3, 2016
Sophos UTM vs. Fortinet FortiGate
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main…
 

Top Industries

By visitors reading reviews
Educational Organization
31%
Computer Software Company
16%
Government
5%
Manufacturing Company
5%
Educational Organization
22%
Computer Software Company
15%
Manufacturing Company
6%
Comms Service Provider
6%
Computer Software Company
16%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Fortigate 60d vs. Meraki MX67 for a small company without a dedicated IT Department
We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL I...
What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
 

Also Known As

Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
 

Overview

 

Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: November 2024.
814,763 professionals have used our research since 2012.