Try our new research platform with insights from 80,000+ expert users

Cisco IOS Security vs Cisco Secure Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco IOS Security
Ranking in Firewalls
21st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
48
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (8th)
Cisco Secure Firewall
Ranking in Firewalls
7th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (4th)
 

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Cisco IOS Security is 0.3%, up from 0.2% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.8%, up from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Karthik Venkataraman - PeerSpot reviewer
User-friendly and excels in documentation, making it easier to resolve issues
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It offers good network visibility, which helps in rapid response through the Rapid Threat Containment feature. Its deployment and configuration are straightforward. From a networking perspective, for instance, Cisco IOS incorporates time-tested security features. The zone-based firewall feature has significantly influenced our network security management. For instance, when managing multiple geolocations, it's essential to apply geographically appropriate policies. If a customer operates within the UK zone, I need to implement UK-specific policies. This approach is also applicable to customers in the Asia Pacific and UK regions. It enables me to tailor security policies based on the geographical location of my customers, such as adjusting policies for customers in China or Japan. This flexibility helps in creating a comprehensive zone list. Additionally, this feature allows for seamless service agreements between all zones from headquarters, providing access to all zones within the firewall we create. Essentially, it facilitates the creation of zones within the firewall.
Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Security, SD-WAN, and Streetscape are valuable features."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"Their interface is very easy to use, it is without bugs."
"The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE."
"I only deal with it from a security analyst's point of view. I don't really get into the features of the actual FortiGate. From the security point of view, it works, and it does its job."
"It's very easy to set up, it's very easy to make policies and, for an organization, that means you don't need IT expert in firewalls. You just need to have somebody who knows a little bit of IT, and that's it. With other products, you need someone with a "Masters" degree in firewalls."
"Web filtering and two-factor authentication are great features."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"I've found their network routing to be very good."
"The product's stability is good."
"The solution effectively integrates with Umbrella."
"Cisco IOS Security is very robust and works very well."
"This solution, called Network Access Controller, handles authentication, authorization, and accounting for devices accessing the network."
"We use Cisco IOS Security mostly for routers to route off the firewall. It's a next-generation device."
"Cisco is head-and-shoulders above all of the competition when it comes to technical support."
"The VPN connection portal scan works flawlessly, which was a big plus for us."
"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
"Strong in NAT and access-lists."
"The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them."
"I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
"The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Its efficiency and security are the most important. We are more efficient and more secure."
"The initial setup is easy."
 

Cons

"I would like to see a more intuitive dashboard."
"It is very expensive, and their support is not very good. I hope that their technical support will be better in the future."
"They should offer special pricing to premium partners and customers."
"It is stable, but its stability can be improved."
"FortiOS is not simple."
"They should improve high CPU and memory usage that occurs."
"Lacks training for new features."
"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."
"The graphical user interface or the GUI could be better. Beginners can use some devices with the GUI, but some security devices are configured using CLI. It would also be better if it had its own Intrusion Protection Service and Intrusion Detection Service on the server."
"In the security portfolio from Cisco, the issue is marketing. Cisco is still seen primarily as an enterprise network player rather than being acknowledged as a security vendor."
"We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues."
"Most of their features are meant for Cisco. You cannot integrate them with any other vendor."
"Cisco IOS Security's monitoring is rather rudimentary and could be improved."
"Pricing can be reduced. I rate the current price for the product a four out of ten."
"Cisco IOS Security could improve by having more compatibility with other Cisco solutions."
"The configuration should be easier in the solution."
"The inclusion of an autofill feature would improve the ease of commands."
"The software was very buggy, to the point it had to be removed."
"The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working."
"The scalability has room for improvement."
"The overall licensing structure could improve to make the solution better."
"It should be easier for the IT management or the admin to configure products. For example, the firewall products are not very straightforward for many users. They should be easier to configure and should be more straightforward."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
"You have to know the ASA command line very well because not all operations are available in the graphical interface"
 

Pricing and Cost Advice

"The license is yearly. We pay for the top end. It's called 360."
"The price is high compared to some of the other solutions."
"For the price, I'd rate it a ten because it's very cost-effective."
"There is a subscription-based model to use Fortinet FortiGate. We pay annually for the solution along with the support. If you want to have all the updates, and security patches you will need to renew your support."
"The pricing is flexible."
"The price is okay."
"The license of Fortinet FortiGate should be reduced."
"Fortinet is the least expensive solution."
"We can purchase its licenses as per specific business requirements."
"It is an expensive solution."
"The solution's pricing is very good."
"The licenses for this solution are expensive."
"The pricing is expensive."
"The cost may be around $5,000 to $10,000 a year. If you want support you have to pay at least this price."
"It is necessary to pay for a license in order to use the solution. It is on a yearly basis and the price is high."
"I rate Cisco IOS Security's pricing a ten out of ten."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"We are partners with Cisco. They are always one call away, which is good. They know how to keep their customers happy."
"The cost of the firewalls versus the ROI is okay."
"All our requirements which we need performed by the firewall (e.g. VPN, URL white-listing, or IP based white-listing, etc.) have separate licenses and costs."
"The pricing is too high and the licensing is too confusing."
"We've compared it to other solutions, like WatchGuard and other types of firewalls in that same realm. Cisco ASAs are fairly priced and very competitive with them."
"To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive."
"​Price point is too high for features and throughput available.​"
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
28%
Financial Services Firm
13%
Government
9%
Manufacturing Company
7%
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What do you like most about Cisco IOS Security?
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It off...
What is your experience regarding pricing and costs for Cisco IOS Security?
Pricing can be reduced. I rate the current price for the product a four out of ten.
What needs improvement with Cisco IOS Security?
While I do not have specific recommendations for improvement, pricing can be reduced.
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
IOS Security
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
Arup Group, Brunel University London, City of Biel, Gobierno de Castilla-La Mancha, K&L Gates , New South Wales Rural Fire Service, Offshore Northern Seas, Transplace
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Find out what your peers are saying about Cisco IOS Security vs. Cisco Secure Firewall and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.