Try our new research platform with insights from 80,000+ expert users

Cisco IOS Security vs Cisco Secure Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco IOS Security
Ranking in Firewalls
21st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
48
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (8th)
Cisco Secure Firewall
Ranking in Firewalls
7th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (4th)
 

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Cisco IOS Security is 0.3%, up from 0.2% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.8%, up from 5.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Karthik Venkataraman - PeerSpot reviewer
User-friendly and excels in documentation, making it easier to resolve issues
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It offers good network visibility, which helps in rapid response through the Rapid Threat Containment feature. Its deployment and configuration are straightforward. From a networking perspective, for instance, Cisco IOS incorporates time-tested security features. The zone-based firewall feature has significantly influenced our network security management. For instance, when managing multiple geolocations, it's essential to apply geographically appropriate policies. If a customer operates within the UK zone, I need to implement UK-specific policies. This approach is also applicable to customers in the Asia Pacific and UK regions. It enables me to tailor security policies based on the geographical location of my customers, such as adjusting policies for customers in China or Japan. This flexibility helps in creating a comprehensive zone list. Additionally, this feature allows for seamless service agreements between all zones from headquarters, providing access to all zones within the firewall we create. Essentially, it facilitates the creation of zones within the firewall.
Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortigate is very scalable to serve our customers' needs. We have scaled already from fifty to more than a hundred instances of Fortinet FortiGate. Around 20 staff are required for deployment and maintenance, mostly engineers."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"Fortinet FortiGate appears to be scalable."
"Unified Threat Management (UTM) features."
"FortiGate's web and URL filtering are unlike any other firewall I've used. The functionality of URL filtering in those solutions is problematic because everything is encrypted, and firewalls can't break that encryption protocol. Fortinet has an SSL proxy, so the encryption is done before the packet ever leaves the FortiGate. The URL filter is definitely one of the most helpful features."
"Good load balancing feature."
"It has very easy management and an amazing ETM configuration."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The most valuable feature is endpoint protection."
"The most valuable features of Cisco IOS Security are the plenty of functionality it provides, many people are IT certified the usage, and the user interface is good."
"I've found their network routing to be very good."
"The VPN connection portal scan works flawlessly, which was a big plus for us."
"We are able to filter a lot of traffic especially when a lot of the traffic is in layer 7."
"Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It offers good network visibility, which helps in rapid response through the Rapid Threat Containment feature. Its deployment and configuration are straightforward."
"One of the valuable features of the solution is its flexibility and it performs great."
"The Intrusion Firewall is a valuable feature."
"REST API offering with rich capabilities which makes the product very robust."
"The high-availability features, the VPN and the IPSec, are our top three features."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"We chose Cisco because it had the full package that we were looking for."
"Filtering is the best feature."
"The SLA is great, and the escalation process is also great."
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
 

Cons

"The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it'd be great."
"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"Pricing for it is a bit high. It could be cheaper."
"The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing."
"There aren't really any negative aspects to discuss."
"The initial setup and configuration are not intuitive and require training."
"The command line is complicated, and the interface could be better."
"Sometimes I find it difficult to manage. Some configurations are difficult for new engineers, for example."
"I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers. They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work."
"We faced significant challenges related to licensing issues, particularly when licenses expire."
"There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing."
"Cisco is an expensive firewall, so the pricing can be improved."
"We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues."
"Cisco IOS Security could improve its security features. There are competitors that have some additional security features, such as Fortinet FortiGate. Additionally, there should be better synchronization with Cisco IOS Security and other vendors, and improved AI features would be beneficial."
"It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies."
"It integrates with other security products from Cisco, but sometimes, there can be glitches or errors."
"The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network."
"When we're looking at full-stack visibility, it can be difficult to get the right information out of Firepower."
"It is not easy to configure."
"The licensing needs simplification."
"One feature lacking is superior anti-virus protection, which must be added."
"One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features."
"I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. Too much, if you don't know what you are looking for or trying to do."
 

Pricing and Cost Advice

"Fortinet costs are 25% lower than the high-cost provider. There is an equipment cost and a recurring monthly cost for licenses and technical support."
"The price depends on the size of the company. From the beginning, you just want to know the internet bandwidths, speed, and the number of users to be able to offer the right product and model. They have a lot of products in FortiGate according to the size of the company, like 200D and 300D."
"There is a license to use Fortinet FortiGate."
"Fortinet FortiGate is reasonably priced."
"The pricing of the solution is very competitive."
"Licensing for Fortinet FortiGate is on a yearly basis. Pricing for it is a bit high. It could be cheaper."
"Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."
"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."
"The product is expensive."
"The cost of the license, to the best of my knowledge, is approximately two thousand dollars."
"The solution's pricing is very good."
"I rate Cisco IOS Security's pricing a ten out of ten."
"We need to pay for the license and it is expensive."
"It is an expensive solution."
"We can purchase its licenses as per specific business requirements."
"The licenses for this solution are expensive."
"It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up."
"The price is comparable."
"Cisco is known as a premier product and it comes with a premier price point sometimes. Sometimes that makes it challenging for some customers to bite off. They see the value when we get into a proof-of-value scenario."
"The cost is a bit high compared to other solutions in the market."
"We pay a lot of money for it."
"I bought a license for three years and it was really affordable."
"It was initially heavy on my pocket, but it soon actualised its worth."
"It is pay-as-you-go, so it much cheaper than buying in the plants."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
28%
Financial Services Firm
13%
Government
9%
Manufacturing Company
7%
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What do you like most about Cisco IOS Security?
Cisco IOS Security is a mature product with extensive capabilities, serving as the base for the defense layer. It off...
What is your experience regarding pricing and costs for Cisco IOS Security?
Pricing can be reduced. I rate the current price for the product a four out of ten.
What needs improvement with Cisco IOS Security?
While I do not have specific recommendations for improvement, pricing can be reduced.
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
IOS Security
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
Arup Group, Brunel University London, City of Biel, Gobierno de Castilla-La Mancha, K&L Gates , New South Wales Rural Fire Service, Offshore Northern Seas, Transplace
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Find out what your peers are saying about Cisco IOS Security vs. Cisco Secure Firewall and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.