Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Cisco Secure Firewall is 5.8%, up from 5.5% compared to the previous year. The mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.4%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.
EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
AmjadKhan1 - PeerSpot reviewer
Provides inline protection with a unified view and anti-spyware capabilities
I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It allowed us to consolidating multiple security devices into a single appliance."
"The greatest benefit that this has provided to our organization is that we've been able to adjust the time that it takes to implement firewall changes. It's gone from a week to less than half a day to implement a change, which means that our DevOps team can be much more agile, and there is much less overhead on the firewall team."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"A stable and solid solution for protection from external threats and for VPN connections."
"The most important feature is its categorization because on the site and social media you are unified in the way they are there."
"The firewall and policy side are easy to use."
"The product is quite robust and durable."
"The implementation is pretty straightforward."
"The most valuable features of Fortinet FortiGate are remote access, web filtering, and IPS."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"Fortinet FortiGate appears to be scalable."
"The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"I like that you are able to manage FortiGate from the FortiManager to create a more centralized environment."
"The next-generation firewall is great."
"Web filtering and two-factor authentication are great features."
"The configuration is very simple."
"The application control portion of the solution is its most valuable aspect."
"It has a very good user interface. The documentation is also very good. It is very useful for monitoring things."
"I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier."
"The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to."
"The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port."
"The most valuable features are IPS and stateful inspection."
"Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
 

Cons

"We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out."
"Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated."
"Multiple WAN connections: Even though you can implement more than one interface to outside connections, it is lacking on load balances, etc."
"It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it."
"The solution’s GUI could be better."
"The overall licensing structure could improve to make the solution better."
"The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other."
"The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."
"The solution lacks multi-language support."
"With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic."
"The ease of use could be improved."
"They should offer special pricing to premium partners and customers."
"We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable."
"The documentation available for Fortinet FortiGate should be improved"
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"We would like to see better pricing."
"The configuration framework for Palo Alto Networks Next-Generation firewalls should be simplified, particularly for applications like ASG authentication."
"I would like to see better integration with IoT technologies."
"We haven't had any issues so far."
"One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect."
"I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports."
"The user interface is a bit clumsy and not very user-friendly."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
 

Pricing and Cost Advice

"It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco."
"Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money."
"We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"Cisco ASA Firewall should be cheaper."
"We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high."
"We pay a lot of money for it."
"The pricing is fair."
"The pricing is justified. It's a little pricey, but what you pay for is what you get."
"It is cost-effective, and provides a good value for your money. The pricing, and license renewal, is very reasonable for us."
"Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."
"We pay for the solution annually."
"The price of Fortinet FortiGate could improve, it is expensive."
"Licensing is usually on a three-year period."
"Fortinet FortiGate is expensive."
"The pricing is very reasonable."
"The price could be better. Pricing is very different compared to WatchGuard, which costs around 60 lakhs, and FortiGate, which costs approximately 40 lakhs. Palo Alto Networks costs about a crore which is very high pricing. We bought this firewall, and our organization did not want to pay so much. We spent around one crore rupees which is not within our budget at all, and we are unhappy with them."
"The pricing is straightforward with no hidden costs."
"It is not that expensive. I would rate it an eight out of ten in terms of pricing. Other than the licensing, there are no additional costs."
"While Palo Alto Networks NG Firewalls come at a premium, exceeding the cost of most competitors by 45 percent, their advanced security features, superior performance, and comprehensive threat prevention capabilities justify the investment."
"The solution’s cost is a little high compared to other products."
"It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls."
"After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
"That solution's pricing and/or licensing are very convoluted."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Comparison Review

it_user216600 - PeerSpot reviewer
Jan 3, 2016
Sophos UTM vs. Fortinet FortiGate
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main…
 

Top Industries

By visitors reading reviews
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Fortigate 60d vs. Meraki MX67 for a small company without a dedicated IT Department
We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL I...
What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
 

Also Known As

Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
 

Overview

 

Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: March 2025.
845,406 professionals have used our research since 2012.