Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Netgate pfSense comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (4th)
Netgate pfSense
Ranking in Firewalls
1st
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
215
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of March 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.8%, up from 17.8% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.6%, up from 5.5% compared to the previous year. The mindshare of Netgate pfSense is 15.2%, down from 22.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.
Vincent Hamm - PeerSpot reviewer
I appreciate the depth of what the solution can do and the simplicity of the initial setup
We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that. It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly. I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Fortinet FortiGate is a stable solution."
"The product has been very stable, based on my ten to eleven years of experience."
"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."
"What I like the most is the configuration and that it's simple, and straightforward to maintain."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"Fortinet FortiGate is easy to use."
"The most valuable features of the solution are SD-WAN, filtering testing applications, web filtering, and the new VPN."
"I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over."
"It is very stable compared to other firewall products."
"It's very stable and mature."
"VPN and firewall are good features."
"It is much better than most of the other firewalls that I have worked with."
"The best features are stability and scalability."
"Because of the deeper inspection it provides we have better security and sections that allow users broader access."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
"It is a stable solution. It is also easy to install and can be deployed and maintained by one team member."
"pfSense pricing is extremely competitive, and it delivers exactly what is advertised."
"My technicians find the pfSense's web interface very useful. It is very easy to use. pfSense is very reliable and stable. We like the OpenVPN clients that can be deployed using pfSense very much."
"It's a good solution for end-users. It's pretty easy to work with."
"It has a very nice web interface, and it is very simple to use. The way policies are working is also good."
"It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor."
"The gain in performance and security from configuring the VPN connections was significant."
"The flexibility of adding new kinds of services without spending any money can't be beaten."
 

Cons

"Price, of course, can always be more competitive or better."
"At first glance, the interface for the device is very confusing."
"Technical support could be better. You don't always get the level of help you need right away."
"I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"FortiGate can improve its token system, as it requires a purchase before use."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and that presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate."
"Its configuration through GUI as well as CLI can be improved and made easier."
"One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering."
"Managing various product integrations, such as Umbrella, is challenging."
"When we first got it, we were doing individual configuring. Now, there is a way to manage from one location."
"ASDM can be improved."
"There are several levels of firewall configuration such as beginner, advanced, and expert configurations. At each level, it becomes more complex and more tricky to set up the firewall. For example, if you want to install the firewall on your computer system, it would be a lot easier if it just tells you that this is the internet NIC and this is the Wi-Fi NIC."
"Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."
"One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic."
"The integration could be improved."
"The solution requires a lot of administration."
"The solution's internal logging could be improved."
"It would be great for the solution to have better logs."
"The user interface needs improvement. Even though it's a system that's easy to get working upon installation, the configurations are not intuitive."
 

Pricing and Cost Advice

"It is too expensive for us. My organization is very small, and we have a total of ten users. We have three internal users and seven external users. The FortiGate 100D series is too expensive for renewing the licenses."
"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."
"The price is fair compared to the other competitors."
"Fortinet FortiGate is reasonably priced."
"Fortinet has more device options that are affordable for small businesses than Palo Alto, and its enterprise-level models are also cheaper. Palo Alto also has a separate license for VPN connections and SD-WAN, but FortiGate offers these features standard."
"Fortinet FortiGate's price can be reduced."
"Our licensing costs are on a yearly basis."
"They are very competitive, but we like to have the factory warranty taken care of."
"It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco."
"I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
"Based on the services that you will get, especially the AMP license, the price is very reasonable."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology."
"It was initially heavy on my pocket, but it soon actualised its worth."
"With the bundling mode with Duo licensing, it's now better. It's better to have one simplified global licensing mode, and this is what Cisco has done with bundling. The next-generation firewalls include a set of features such as filtering, emails, and IPS. This combination offers the best way for customers to manage their operating expenses."
"This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment."
"It is open source."
"It is economical (i.e., free)."
"The solution is free. However, you need to pay for support."
"The solution software does not require a license, it is free. The support contract is about $600 dollars."
"All costs are low compared to other solutions. The hardware is stable and cheap."
"Hardware costs more than $500. The cloud version costs me $50 a month."
"It's highly cost-effective for both the average consumer and business users."
"PFSENSE turns out to be very economical, the license is free and for little money you get very good support"
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
842,388 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
Computer Software Company
15%
Comms Service Provider
11%
Educational Organization
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
Help me find the best open source router
You don't really specify what type of router you are looking for but if you are talking about a gateway router I reco...
How do I choose between Fortinet FortiGate and pfSense?
Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigat...
What is the difference between PfSense and OPNsense?
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
Find out what your peers are saying about Cisco Secure Firewall vs. Netgate pfSense and other solutions. Updated: March 2025.
842,388 professionals have used our research since 2012.