Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Palo Alto Networks VM-Series comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (4th)
Palo Alto Networks VM-Series
Ranking in Firewalls
12th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
60
Ranking in other categories
Advanced Threat Protection (ATP) (9th)
 

Mindshare comparison

As of March 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.8%, up from 17.8% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.6%, up from 5.5% compared to the previous year. The mindshare of Palo Alto Networks VM-Series is 0.7%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Q&A Highlights

MM
Oct 03, 2021
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Maharajan S - PeerSpot reviewer
Enhances security with precise access control but has integration challenges
Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk. I rate the overall solution six out of ten.
AshwaniTyagi - PeerSpot reviewer
Advanced protection and good integration capabilities with good reliability
We use Palo Alto Networks VM-Series to offer services to our customers as a managed security service provider. We provide solutions and services to our customers across the globe. For example, if I want to host a firewall in the cloud or somewhere where the physical appliance is not a possibility…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution can scale well."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"Reliability is the best feature. We faced some issues when we were setting it up, but the service, portal, and administration are good."
"Good anti-malware and web filtering features."
"I like that they have given me a solution at a fair price."
"I'm pretty happy with its reliability. It is also very scalable."
"The most valuable feature of Fortinet FortiGate is security. They are known for efficiency and are on the top of Gartner Quadrant reviews. Fortinet FortiGate has an easy-to-use platform with a good graphical interface. The configuration is simple and the solution provides an overall good layer of security."
"The multi-tenancy feature is most valuable. It integrates very well with FortiManager and FortiAnalyzer."
"There are no issues that we are aware of. It does its job silently in the background."
"I haven't had any major problems so I haven't had to open a ticket with technical support."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
"Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security."
"Technical support services are excellent."
"We definitely feel more secure. We have more control over things going in and out of our network."
"Ease of configuration: It has gotten a lot easier to configure compared to the original Cisco Pix."
"The most valuable feature is the CLI."
"We now know a lot more detail about what our users are doing on the network."
"It has excellent scalability."
"In AWS, Palo Alto provides us a better view than flow logs for network traffic."
"The Palo Alto VM-Series is nice because I can move the firewalls easily."
"The most valuable features are the User ID, URL filtering, and application filtering."
"The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked."
"The additional visibility, which was lacking with cloud-native tools, has improved the organization's cloud security posture. Advanced enforcement and granular security controls help manage potential threats."
 

Cons

"Lacks training for new features."
"Difficult to add or define, and not that easy to configure and manage."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"Technical support could be better. You don't always get the level of help you need right away."
"The routing capability on the FortiGate devices has room for improvement."
"As far as wanting more scalability or things in the network diagram, it's going to cost you."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"The command line is complicated, and the interface could be better."
"The initial setup could be simplified, as it can be complex for new users."
"It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"Intrusion prevention, we currently need to apply deep bracket inspection manually to use web filtering."
"It doesn't have Layer 7 security."
"I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved."
"There is no proper support channel to follow up on cases."
"The only minor issue we've faced is with the app's ID configuration, which requires specific matching for application filtering."
"The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."
"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part."
"When managing the firewall, it involves a Strata Cloud web browser that requires improvement to enhance deployment ease and call center efficiency."
"There should be an option for direct integration with the Azure platform."
"Just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java.​"
"Integrative capabilities with other solutions should be addressed."
 

Pricing and Cost Advice

"While Fortinet FortiGate has a higher price point compared to Sophos XG, its user-friendly interface justifies the cost."
"We find the most valuable aspect of this solution is the price. It is affordable, and cheaper than other firewalls."
"You need to pay a license for this solution. Our licensing is now done in our subsidiary."
"The main reason we chose Fortinet FortiGate was that the price was better than the competition."
"I would rate the pricing a five out of ten"
"The license for Fortinet FortiGate is affordable in my country."
"If you purchase a one-year subscription with the hardware and then you want to renew for the second year, it is very costly."
"Go for long term pricing negotiated at the time of purchase."
"Firepower has a very high cost and you have to pay for the standby as well, meaning that the cost is doubled."
"With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect."
"Pricing is high."
"Cisco's prices are more or less comparable to those of other products."
"I bought a license for three years and it was really affordable."
"We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier."
"Cisco smart licensing is a hassle for a disconnected environment."
"Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box."
"The solution is expensive. I rate its pricing a three out of ten."
"Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive."
"The license fee is slightly high."
"For what you get, it does do what it says. It is a good value for an enterprise firewall.​"
"I rate Palo Alto Networks VM-Series pricing an eight out of ten."
"The box, if you do not want to buy the threat prevention license in the box, you can buy it only with the support license. It is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve a lot of your security."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"For licensing, It depends how they want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPSs, you will only need a license that is called threat prevention. That license, threat prevention, includes vulnerabilities, antivirus signatures and one additional measure (that I can't remember), but it includes three measures and security updates."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
842,466 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Answers from the Community

MM
Oct 3, 2021
Oct 3, 2021
hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
2 out of 4 answers
EB
Apr 30, 2021
Hello @Muhammed Eslami, @Mike Bulyk, @Javed Hashmi ​, @VishalGilatar. Can you please assist @M Mari? 
Mike Bulyk - PeerSpot reviewer
Apr 30, 2021
hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
7%
Manufacturing Company
6%
Educational Organization
42%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
Computer Software Company
16%
Financial Services Firm
13%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
How does Azure Firewall compare with Palo Alto Networks VM Series?
Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Warren Rogers Associates
Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: March 2025.
842,466 professionals have used our research since 2012.