Cisco Secure Firewall vs Palo Alto Networks NG Firewalls comparison

Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls

January 2025

Download the complete report

Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of February 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.7%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.6%, up from 5.6% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.2%, up from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Q&A Highlights

Abdul Azim

Network Security Engineer at IIPL

Nov 05, 2024

What are the main differences between Palo Alto firewalls and Cisco Secure Firepower?

I will say go for Palo Alto Firewalls purely on basis of ease of management(centralised management has all features that one will need), only reason one would think of Cisco firepower if you are dependent on EIGRP as dynamic routing protocol and PA's will support anything else like BGP/OSPF for total integration and Dynamic topology, Similar to Checkpoint firewalls but much cheaper in price.We use All 3 firewall technologies , Cisco, PA and Checkpoint, if I have money I will go for checkpoint everywhere, main problem with Cisco has been centralised managed and Cisco never got it right, Central management for PA is almost there but is still not as good as Checkpoint.

Efficient, user-friendly, and affordable

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Helped with the consolidation of tools and has a great dashboard

Jordan De Sousa

Network Manager at a computer software company with 501-1,000 employees

We have used different types of solutions. We had Cisco ASA for about 10 years, and then we switched to an on-site firewall to MX from Meraki, Cisco. For our cloud, we have Cisco Services Routers. The migration to the cloud has been a lot of work. Not all of our systems were compliant with being on the cloud so we had to work on some applications and delete some of them. For the old systems, we had to do extra work but for the newer systems, it was fine. The migration took around 18 months to migrate 99%. We had more than 2,000 on-prem firewall sites. Cisco helped with the migration to the cloud with the migration tool. Migrating MX was really easy and the tools helped us to migrate from the old ASA we had to the new MX. The cloud, firewalling, and CSR helped us from the data center on-premise approach to the cloud because at the time we didn't have a lot of experience with the cloud. It was easy to use the Cisco appliances in that space. I think that this solution has saved our IT staff time because of the ease of deployment. When I first started as a network engineer, it took a whole day to configure a firewall because of all the particularities you could potentially have at a site. I think that this solution saved our organization's time because security saves money because. At the end of the day, firewalls block threats. This solution helped with the consolidation of tools as we had all the observability tools in the solutions. Some 10 years ago we all had third-party solutions doing the observability. Now, we have the whole package and not only the firewall. We choose Cisco 10 or 20 years ago mostly because it was a market-leading solution. I also think it's because of MX's user-friendly solution that you can get on board easily. As far as CSA goes, I believe it's because you have a lot of features on the firewalls and it's the stability of course.

Provides inline protection with a unified view and anti-spyware capabilities

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

More Fortinet FortiGate pros

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's great for capturing the traffic and troubleshooting it."

"The pipe filter application is an outstanding feature."

"The flexibility and ease of configuration are the most valuable features."

"I have found Fortinet FortiGate to be scalable."

"This is a quality product with ok support, and it is better than the competition we've tried."

"It blocks the vulnerabilities that can negatively impact us."

"There is an easy process for configuring it, and it is straightforward to implement the device from scratch."

"Good performance, stability, and virtual domain ability."

"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."

"I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words."

"The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."

"Stability is perfect. I haven't had any problems."

"The clusters in data centers are great."

"The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities."

"The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."

"In v9.8 you are able to do active/backup HA with ASAv (Adaptive Security Virtual Appliance) deployed on MS Azure."

More Cisco Secure Firewall pros

"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."

"I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there."

"Application control, IPS, and sandboxing towards the cloud are the most valuable features. It is a very user-friendly product with a very easy-to-use interface."

"I find all the features valuable, including the segmentation and cloud-distributed security profiles."

"The most valuable features of Palo Alto Networks NG Firewalls are Threat Vault and AutoFocus."

"We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic."

"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."

"Operationally, it is easier, and the manageability and their security features are good."

More Palo Alto Networks NG Firewalls pros

Cons

"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."

"The Wi-Fi controller needs a lot of improvement."

"The configuration part was challenging, especially converting configurations from another OEM to FortiGate."

"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."

"The anti-malware engine could use an upgrade."

"We have an issue with hotel guest vouchers."

"A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve."

"The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and for the security policy. They should also improve the SD-WAN function."

More Fortinet FortiGate cons

"In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all."

"If you need to reschedule a call with the support team when you face a new issue with the product, then it may get a bit of a problem to get a hold of someone from the support team of Cisco."

"I see room for improvement when it comes to integrating all the devices into a central management system. Cisco doesn't provide this, but there are some good products in the market that can provide it."

"It would be great to have all the data correlated to have an overview and one point of administration."

"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."

"Cisco is still catching up with its Firepower Next-Generation firewalls."

"One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."

"They could improve by having more skilled, high-level engineers that are available around the clock. I know that's an easy thing to say and a hard thing to do."

More Cisco Secure Firewall cons

"The scalability of the firewalls could be improved."

"The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto."

"It's too expensive."

"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."

"Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution."

"I would like to see more integration."

"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."

"The configuration framework for Palo Alto Networks Next-Generation firewalls should be simplified, particularly for applications like ASG authentication."

More Palo Alto Networks NG Firewalls cons

Pricing and Cost Advice

"It's an expensive solution."

"It is expensive. You need to pay for the subscription every year, which is very expensive. The subscription includes technical support and hardware exchange in case of failure."

"Fortinet is the least expensive solution."

"It has been two years. I don't remember the actual price, but it was affordable. We buy the boxes and then use the license for three years."

"The price is highly competitive when compared to other brands that offer similar functionality."

"For medium and enterprise organizations, FortiGate is more affordable."

"The price range is quite acceptable and normal."

"Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."

More Fortinet FortiGate pricing and cost advice

"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."

"We've gone to all smart licensing, so that works well."

"Pricing is why we had to go for a UTM. For us to achieve what we needed, if we had gone with the ASA, the cost would have been high compared to getting one box (UTM)."

"I think Cisco's price is in the right space now. They have discounts for customers at various levels. I think they're in the right spot. However, Cisco can be expensive when you factor in these additional features."

"Cisco is not really cheap, but there is great technology behind it."

"This solution might be expensive, but it is economical in the long run."

"It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up."

"Watch out for hidden licensing and incredibly high annual maintenance costs."

More Cisco Secure Firewall pricing and cost advice

"It has a yearly subscription."

"It is an expensive solution."

"This is not the firewall to choose if you are looking for the cheapest and fastest solution. Palo Alto NGFWs are expensive. By the time you license them up and get them fully functional, you have spent quite a bit of money. If it is a small branch office with 10 to 15 users, that is hard to justify."

"The price is high."

"Palo Alto Networks NG Firewalls are expensive compared to other firewalls such as FortiGate Next Generation Firewall."

"Palo Alto Networks NG Firewalls is expensive, but it is worth its price."

"I would assume that it's still within mid-range given its company structure and everything else. My guess is it's still okay."

"Palo Alto Networks NG Firewalls are expensive."

More Palo Alto Networks NG Firewalls pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

838,713 professionals have used our research since 2012.

Comparison Review

it_user206346

Security Consultant at Webernetz.net - Network Security Consulting

Mar 11, 2015

Cisco ASA vs. Palo Alto Networks

Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…

What are the main differences between Palo Alto firewalls and Cisco Secure Firepower?

Answers from the Community

Abdul Azim

Network Security Engineer at IIPL

Nov 5, 2024

See 2 answers

Raj Metkar

Director, Head of Networks at MUFG, EMEA

Sep 10, 2024

Read full answer

Bijo Abraham

Technical Consultant | Network and Security at Interconnect Consulting Limited

Nov 5, 2024

When considering a firewall solution, Palo Alto Networks stands out in terms of advanced security features, AI-driven automation, and ease of management. These attributes make it an ideal choice for organizations looking to not only secure their networks today but also protect themselves from the evolving cyber threats of tomorrow. In comparison, Cisco Firepower, while a solid solution, lacks the same level of integrated AI capabilities, cloud-readiness, and seamless management interface. Given these factors, Palo Alto Networks offers superior protection, greater operational efficiency, and long-term scalability — all of which align with modern business requirements for agility, security, and growth. We strongly recommend that the organization adopt Palo Alto Networks Firewalls to meet current and future security needs. This recommendation aligns with the organization’s objectives of reducing complexity, improving security posture, and preparing for future threats with an intelligent and easily manageable security solution.

Read full answer

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Educational Organization

40%

Computer Software Company

13%

Manufacturing Company

Government

Computer Software Company

15%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

Which is better - Fortinet FortiGate or Cisco ASA Firewall?

One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...

How does Cisco's ASA firewall compare with the Firepower NGFW?

It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...

Which is better - Meraki MX or Cisco ASA Firewall?

Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?

Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...

Features comparison between Palo Alto and Fortinet firewalls

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

Sophos XG vs Fortinet FortiGate

Comparisons

Compared 23% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Meraki MX vs Fortinet FortiGate

Compared 5% of the time

SonicWall TZ vs Fortinet FortiGate

Compared 5% of the time

More Fortinet FortiGate Competitors

Palo Alto Networks WildFire vs Cisco Secure Firewall

Compared 10% of the time

Netgate pfSense vs Cisco Secure Firewall

Compared 6% of the time

Meraki MX vs Cisco Secure Firewall

Compared 4% of the time

OPNsense vs Cisco Secure Firewall

Compared 4% of the time

Sophos XG vs Cisco Secure Firewall

Compared 3% of the time

More Cisco Secure Firewall Competitors

Check Point NGFW vs Palo Alto Networks NG Firewalls

Compared 12% of the time

Azure Firewall vs Palo Alto Networks NG Firewalls

Compared 11% of the time

Meraki MX vs Palo Alto Networks NG Firewalls

Compared 10% of the time

Sophos XG vs Palo Alto Networks NG Firewalls

Compared 9% of the time

OPNsense vs Palo Alto Networks NG Firewalls

Compared 5% of the time

More Palo Alto Networks NG Firewalls Competitors

Product Reports

Download Fortinet FortiGate product report

Fortinet FortiGate

February 2025

Download Cisco Secure Firewall product report

Cisco Secure Firewall

February 2025

Palo Alto Networks NG Firewalls

February 2025

Download Palo Alto Networks NG Firewalls product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall

Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Cisco Secure Firewall stands as a robust and adaptable security solution, catering to organizations of all sizes. It's designed to shield networks from a diverse array of cyber threats, such as ransomware, malware, and phishing attacks. Beyond mere protection, it also offers secure access to corporate resources, beneficial for employees, partners, and customers alike. One of its key functions includes network segmentation, which serves to isolate critical assets and minimize the risk of lateral movement within the network.

The core features of Cisco Secure Firewall are multifaceted:

Advanced threat protection is achieved through a combination of intrusion prevention, malware detection, and URL filtering technologies.
For secure access, the firewall presents multiple options, including VPN, remote access, and single sign-on.
Its network segmentation capability is vital in creating barriers within the network to safeguard critical assets.
The firewall is scalable, effectively serving small businesses to large enterprises.
Management is streamlined through Cisco DNA Center, a central management system.

The benefits of deploying Cisco Secure Firewall are substantial. It significantly reduces the risk of cyberattacks, thereby enhancing the security posture of an organization. This security also translates into increased productivity, as secure access means uninterrupted work. Compliance with industry regulations is another advantage, as secure access and network segmentation align with many regulatory standards. Additionally, it helps in reducing IT costs by automating security tasks and simplifying management processes.

In practical scenarios, Cisco Secure Firewall finds diverse applications. It's instrumental in protecting branch offices from cyberattacks, securing remote access for various stakeholders, safeguarding cloud workloads, and segmenting networks to isolate sensitive areas.

User reviews from PeerSpot reflect an overall positive experience with the Cisco Secure Firewall. Users appreciate its ease of configuration, good management capabilities, robust protection, user-friendly interface, and scalability. However, some areas for improvement include better integration capabilities with other vendors, maturity, control over bandwidth for end-users, and addressing software bugs.

In summary, Cisco Secure Firewall is a comprehensive, versatile, and reliable security solution that effectively meets the security needs of various organizations. It offers a balance of advanced protection, user-friendly management, and scalability, making it a valuable asset in the realm of network security.

Cisco

Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.

Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known for stability and strong security, these firewalls use application-aware identifiers and IPS/IDS subscriptions to offer advanced threat protection. The unified platform facilitates seamless integration, while GlobalProtect and centralized management via Panorama enhance ease of use. However, there are areas for improvement, including pricing strategies, training, user support, and integration with third-party applications.

What are the essential features?

Stability: Reliable performance in different environments.
Application Control: Identifies applications to manage traffic.
Advanced Threat Protection: Includes DNS security, WildFire, and machine learning.
GlobalProtect: Secure remote access for users.
Centralized Management: Managed via the Panorama platform.

What benefits or ROI should users expect?

Security: Protects against threats with robust features.
User-Friendly: Simplified interface and easy configuration.
High Availability: Ensures performance for critical applications.
Integration: Seamless with existing systems and applications.
Support: Reliable technical support and resources.

In industries like finance, healthcare, and retail, Palo Alto Networks NG Firewalls secure sensitive data and meet regulatory requirements. These firewalls help manage large-scale networks in these sectors, providing essential security features and maintaining high-performance standards. They are implemented to ensure compliance, protect patient information, secure financial transactions, and safeguard customer data.

Palo Alto Networks

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments