Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

 

Comparison Buyer's Guide

Executive Summary
 

Mindshare comparison

As of November 2024, in the Firewalls category, the mindshare of Cisco Secure Firewall is 5.7%, down from 6.0% compared to the previous year. The mindshare of Fortinet FortiGate is 19.8%, up from 17.1% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.3%, up from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Daniel Going - PeerSpot reviewer
Jun 26, 2022
Is intuitive in terms of troubleshooting, easy to consume, and stable
We use it for data center security for both the north-south and east-west. With Firepower, you get the next-generation functionality and the next-generation firewall features. Traditionally, when you have a layer three access list, it's really tricky to get the flexibility you need to allow staff…
DineshKumar28 - PeerSpot reviewer
Sep 25, 2024
Effective threat prevention with responsive customer support
We are using Fortinet FortiGate as a firewall Fortinet FortiGate has been invaluable. It has helped save costs due to its various features, reliable performance, very good UI, low latency, and stability. The Threat Intel engine in Fortinet FortiGate is highly rated for its effectiveness in…
Simon Webster - PeerSpot reviewer
Aug 16, 2022
We get reports back from WildFire on a minute-by-minute basis
The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale. I know this little section here about the firewall, but I know there is a huge amount that still could be done with it. I am not touching enough of it because I just don't know how. It seems like the more I learn about it, the more I learn that there is to learn

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The firepower sensors have been great; they do a good job of dropping unwanted traffic."
"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"For business purposes, it's a very detailed solution, which is it's greatest benefit, as you can get almost any piece of information you need from the solution. It allows for admins to be able to troubleshoot pretty easily."
"We can shift traffic, block certain content, or redirect policies."
"We found the initial setup to be easy."
"In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."
"We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution."
"The GUI is good."
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"The product is very stable, easy to troubleshoot, and configure, so it has reduced the time it takes for support."
"The initial installation is very straightforward."
"FortiGate is flexible and easy to use."
"The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently."
"The usage in general is pretty good."
"SSL-VPN is very useful for us and has been very reliable."
"Palo Alto Networks NG Firewalls have a Single Pass Parallel Processing (SP3) Architecture, which has a different kind of code doing the work. It increases the packet processing rate. Whereas, without the SP3 Architecture, you are waiting for each job to complete, even if you have 100 jobs assigned."
"The best features of this solution are URL filtering and traffic visibility."
"This is arguably the best security protection that you can buy."
"Our clients find the most valuable features in Palo Alto Networks NG Firewalls to be the user-friendly interface, extensive capabilities, and highly granular rule creation process."
"Ability to log each and every application."
"The technical support is great."
"The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors."
"There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection."
 

Cons

"Virtual patching would be helpful for servers that are not able to update patches due to compatibility issues."
"UTM features would be nice or some NextGen features."
"It is hard to collaborate with our filtered environment."
"Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance."
"The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."
"The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics."
"It is my understanding that they are in the process of discontinuing this device."
"Cisco is not cheap, however, it is worth investing in these technologies."
"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."
"There is room for improvement related to the logging and reporting aspect."
"FortiGate can improve its token system, as it requires a purchase before use."
"The reporting in Fortinet FortiGate could improve. Customers are having to purchase additional reporting components. When I have used the Sophos solution it is a complete solution, in Fortinet FortiGate you have to use additional tools to have the features needed."
"The platform's compatibility with Wi-Fi equipment needs improvement."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"In the balance between links feature normally you can just choose one option to balance. It would be better for the solution to have more than one option, preferably three."
"The integration with third-party tools may be something that they should work on."
"The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that."
"If you enable SSL you will face a problem. The throughput of the firewall will be degraded. SSL is a big issue on all firewalls. All products suffer from issues with SSL, but Palo Alto firewalls suffer more from it."
"The setup was complex. We have perimeter firewalls and multiple voice devices handling calls. Directing traffic through gateway perimeter firewalls becomes quite complex in such a scenario. The implementation took around two months and required three to four people for deployment."
"There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features."
"I would like a collaboration system and reporting ASA policy needs to be smarter."
"The solution needs some management tool enhancements. It could also use more reporting tools."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
"In my opinion, the training provided is satisfactory, but there is certainly room for improvement. It would be great to have more comprehensive training at a lower cost, or even for free."
 

Pricing and Cost Advice

"The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market."
"We've gone to all smart licensing, so that works well."
"The cost is a bit high compared to other solutions in the market."
"The licensing is not as complicated as that for some other Cisco products. There are a couple of tiers of licensing, but the price point is a little too high for the market. There are other vendors that come in lower and offer more for fewer licensing options. They may offer URL filtering or malware filtering with a single license rather than requiring two or three licenses. I think Cisco could do a bit more in this area."
"We pay about $200 yearly and we have two firewalls."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"The pricing of Cisco's boxes is pretty good."
"We are on an annual license to use Fortinet FortiGate."
"The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."
"Pricing for this product is comparatively lower than other products. It's an affordable solution, but when expanding the number of users, they'll ask you to replace the model, so that's an added cost."
"The pricing is perfect."
"Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make."
"When you look at these end security systems and firewalls, these firewalls even five years ago were $50,000 or perhaps $25,000 to implement in some types of customer sites. Now we're talking about tools that are $1,000. In this case, it might have been $500 or something like that."
"I think that the pricing is fair."
"Easy to understand licensing requirements."
"The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it."
"Palo Alto Networks NG Firewalls' price is expensive."
"I would assume that it's still within mid-range given its company structure and everything else. My guess is it's still okay."
"This is an expensive product, which is why some of our customers don't adopt it."
"Annually, the licensing costs are too much."
"That solution's pricing and/or licensing are very convoluted."
"The price of the solution is on the higher side compared to competitors."
"This solution is quite expensive."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

it_user216600 - PeerSpot reviewer
Jan 3, 2016
Sophos UTM vs. Fortinet FortiGate
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main…
 

Top Industries

By visitors reading reviews
Educational Organization
31%
Computer Software Company
16%
Government
5%
Manufacturing Company
5%
Educational Organization
22%
Computer Software Company
15%
Manufacturing Company
6%
Comms Service Provider
6%
Computer Software Company
16%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Fortigate 60d vs. Meraki MX67 for a small company without a dedicated IT Department
We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL I...
What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
 

Also Known As

Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
 

Overview

 

Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: November 2024.
814,763 professionals have used our research since 2012.