Try our new research platform with insights from 80,000+ expert users

Cisco IOS Security vs Cisco Secure Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco IOS Security
Ranking in Firewalls
21st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
48
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (8th)
Cisco Secure Firewall
Ranking in Firewalls
7th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (4th)
 

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Cisco IOS Security is 0.3%, up from 0.2% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.8%, up from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Karthik Venkataraman - PeerSpot reviewer
User-friendly and excels in documentation, making it easier to resolve issues
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It offers good network visibility, which helps in rapid response through the Rapid Threat Containment feature. Its deployment and configuration are straightforward. From a networking perspective, for instance, Cisco IOS incorporates time-tested security features. The zone-based firewall feature has significantly influenced our network security management. For instance, when managing multiple geolocations, it's essential to apply geographically appropriate policies. If a customer operates within the UK zone, I need to implement UK-specific policies. This approach is also applicable to customers in the Asia Pacific and UK regions. It enables me to tailor security policies based on the geographical location of my customers, such as adjusting policies for customers in China or Japan. This flexibility helps in creating a comprehensive zone list. Additionally, this feature allows for seamless service agreements between all zones from headquarters, providing access to all zones within the firewall we create. Essentially, it facilitates the creation of zones within the firewall.
Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."
"It's inexpensive compared to some of the other technology out there."
"It's an easy solution to set up."
"This solution made it very easy to manage our bandwidth."
"I like several features that this product has, such as antivirus and internet navigation inspection. It is also simple to use."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The most valuable features are the enterprise modeling and the simple interface."
"The user interface (UI) is very, very good."
"What I have used the most and received the most benefit from is the IPsec technology."
"Cisco products are very secure and integrate easily with other devices."
"The VPN is the most valuable feature."
"The capabilities for scalability with this product are huge"
"The Intrusion Firewall is a valuable feature."
"It covers everything we need it to without looking to secondary solutions."
"This solution, called Network Access Controller, handles authentication, authorization, and accounting for devices accessing the network."
"The product's stability is good."
"The primary benefits of using Cisco Secure solutions are time-saving, a robust API, and convenience for the security team."
"They are easy to maintain."
"The user interface is easy to navigate."
"Basic firewalling is obviously the most valuable. In addition to that, secure access and remote access are also very useful for us."
"I like all of the features."
"In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
 

Cons

"It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and an automated emergency response system."
"We would like to have the ability to disable some of the security functionalities."
"The platform's compatibility with Wi-Fi equipment needs improvement."
"The UTM filtering needs improvement."
"The captive portal could be improved."
"The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us."
"​It needs to improve its ISP load balancing.​"
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"Cisco IOS Security's monitoring is rather rudimentary and could be improved."
"The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it."
"While Cisco IOS Security is stable and scalable, I would like to see it improved to be even better."
"There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time."
"There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing."
"While I do not have specific recommendations for improvement, pricing can be reduced."
"Cisco is a scalable product, but it is expensive compared to other vendors."
"The routers, don't have like long-term tendency features, or higher availability features available for the IOS. It could also use a better user interface."
"Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause."
"The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The solution is overcomplicated in some senses. Simplifying it would be an improvement."
"There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."
"I would like the ability to drill down into certain reports because currently, that cannot be done."
 

Pricing and Cost Advice

"The license is yearly. We pay for the top end. It's called 360."
"You need to pay a license for this solution. Our licensing is now done in our subsidiary."
"Fortinet costs are 25% lower than the high-cost provider. There is an equipment cost and a recurring monthly cost for licenses and technical support."
"The price is highly competitive when compared to other brands that offer similar functionality."
"If you purchase a one-year subscription with the hardware and then you want to renew for the second year, it is very costly."
"I had to pay for the license for the firewall, but it is guaranteed to have updates. I expect a good service for it. It was about €1000 for a year, and there was no additional cost."
"The price of Fortinet FortiGate is better than Cisco, Check Point, and Palo Alto. In terms of pricing, it's probably a better-priced firewall solution overall."
"The license is too expensive to renew. The license renewal process is also complex."
"Price is certainly something that the IOS technology has fallen behind the competition on."
"It is necessary to pay for a license in order to use the solution. It is on a yearly basis and the price is high."
"The pricing is very expensive. Normally I do a yearly contract; I don't know the exact pricing, but it's around $75,000 USD per year. That's the standard licensing."
"We need to pay for the license and it is expensive."
"The solution's pricing is very good."
"Cisco IOS Security is not very expensive, and pricing depends on where you live. It's affordable for both individuals and institutions. On a scale from one to five, I would give Cisco's pricing a four."
"The licensing is on a subscription basis, and it is fairly costly. I would prefer a one-time payment."
"You can get a better price if you commit to a longer-term license. Three years, five years, or even seven or ten years will be cheaper than a three-month or one-year term."
"I am not a huge fan of Cisco licensing in general."
"Cisco is considered to be an expensive solution."
"Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use."
"In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase."
"Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design."
"We pay about $200 yearly and we have two firewalls."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
28%
Financial Services Firm
13%
Government
9%
Manufacturing Company
7%
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What do you like most about Cisco IOS Security?
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It off...
What is your experience regarding pricing and costs for Cisco IOS Security?
Pricing can be reduced. I rate the current price for the product a four out of ten.
What needs improvement with Cisco IOS Security?
While I do not have specific recommendations for improvement, pricing can be reduced.
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
IOS Security
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
Arup Group, Brunel University London, City of Biel, Gobierno de Castilla-La Mancha, K&L Gates , New South Wales Rural Fire Service, Offshore Northern Seas, Transplace
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Find out what your peers are saying about Cisco IOS Security vs. Cisco Secure Firewall and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.