Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Palo Alto Networks VM-Series comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
318
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (3rd)
Palo Alto Networks VM-Series
Ranking in Firewalls
13th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
60
Ranking in other categories
Advanced Threat Protection (ATP) (10th)
 

Mindshare comparison

As of February 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.7%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.6%, up from 5.6% compared to the previous year. The mindshare of Palo Alto Networks VM-Series is 0.7%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Q&A Highlights

MM
Oct 03, 2021
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Jordan De Sousa - PeerSpot reviewer
Helped with the consolidation of tools and has a great dashboard
We have used different types of solutions. We had Cisco ASA for about 10 years, and then we switched to an on-site firewall to MX from Meraki, Cisco. For our cloud, we have Cisco Services Routers. The migration to the cloud has been a lot of work. Not all of our systems were compliant with being on the cloud so we had to work on some applications and delete some of them. For the old systems, we had to do extra work but for the newer systems, it was fine. The migration took around 18 months to migrate 99%. We had more than 2,000 on-prem firewall sites. Cisco helped with the migration to the cloud with the migration tool. Migrating MX was really easy and the tools helped us to migrate from the old ASA we had to the new MX. The cloud, firewalling, and CSR helped us from the data center on-premise approach to the cloud because at the time we didn't have a lot of experience with the cloud. It was easy to use the Cisco appliances in that space. I think that this solution has saved our IT staff time because of the ease of deployment. When I first started as a network engineer, it took a whole day to configure a firewall because of all the particularities you could potentially have at a site. I think that this solution saved our organization's time because security saves money because. At the end of the day, firewalls block threats. This solution helped with the consolidation of tools as we had all the observability tools in the solutions. Some 10 years ago we all had third-party solutions doing the observability. Now, we have the whole package and not only the firewall. We choose Cisco 10 or 20 years ago mostly because it was a market-leading solution. I also think it's because of MX's user-friendly solution that you can get on board easily. As far as CSA goes, I believe it's because you have a lot of features on the firewalls and it's the stability of course.
AshwaniTyagi - PeerSpot reviewer
Advanced protection and good integration capabilities with good reliability
We use Palo Alto Networks VM-Series to offer services to our customers as a managed security service provider. We provide solutions and services to our customers across the globe. For example, if I want to host a firewall in the cloud or somewhere where the physical appliance is not a possibility…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It can expand easily."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"I like Fortinet FortiGate's antispam filter, SPN, and clustering features."
"The most valuable features are that it is very simple to configure and to manage."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
"The features that we have found most valuable are the SSL VPN and the User Portal."
"The initial setup of Fortinet FortiGate was straightforward."
"Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good."
"The initial setup was completely straightforward."
"If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering."
"The most important feature is its categorization because on the site and social media you are unified in the way they are there."
"The user interface is easy to navigate."
"The solution is excellent for enterprise-level networks."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
"Scalability is a strength of Palo Alto VM-Series."
"Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. "
"The technical support for the solution is very good."
"It scales linearly with load and no issues."
"A solid operating system with all the necessary data center security features."
"The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked."
"It has excellent scalability."
 

Cons

"We'd like more management across other integrations."
"The documentation available for Fortinet FortiGate should be improved"
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"Fortinet FortiGate could improve the user interface. There should be more functionality and options through the GUI."
"There are some complex administration tasks in their administration portal. That needs to be improved."
"Backup can be improved."
"The UTM filtering needs improvement."
"There are some cloud-based features that could be much more flexible than they currently are."
"The graphical interface should be improved to make the configuration easier, to do things with a single click."
"We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs."
"You have to know the ASA command line very well because not all operations are available in the graphical interface"
"I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together."
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."
"While this applies to all vendors, pricing can be always lower. In my opinion, Cisco is the most expensive. The pricing can be reduced."
"You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."
"When managing the firewall, it involves a Strata Cloud web browser that requires improvement to enhance deployment ease and call center efficiency."
"Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup."
"The tool is very costly."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"I find it difficult to reach technical support at Palo Alto Networks."
"People are less aware of Palo Alto."
"Palo Alto Networks VM-Series needs to improve its order process."
"Enhancing the ease of accessing technical support would be useful."
 

Pricing and Cost Advice

"The price is high compared to some of the other solutions."
"If the customer is looking for SD-WAN, it comes free with FortiGate."
"The price depends on the size of the company. From the beginning, you just want to know the internet bandwidths, speed, and the number of users to be able to offer the right product and model. They have a lot of products in FortiGate according to the size of the company, like 200D and 300D."
"​We saved a bundle by not needing all the past appliances from an NGFW.​"
"While Fortinet FortiGate has a higher price point compared to Sophos XG, its user-friendly interface justifies the cost."
"The price of Fortinet FortiGate could improve, it is expensive."
"The solution requires a license annually, it is not a user license, you can have as many users as your want. I must renew the license regularly per device."
"They are very competitive, but we like to have the factory warranty taken care of."
"Cisco is cheaper than Check Point although it is not as cheap as Fortigate. But with the latest improvements in hardware and speed, the pricing is okay."
"ASA pricing seems high compared to other firewalls, such as the Sophos XG models."
"The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market."
"We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement."
"The solution was chosen because of its price compared to other similar solutions."
"Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"We looking for a possible new solution because of the licensing and VPN.​"
"Based on the customer budget, they can choose from 12-month, 36-month, or 60-month licensing models."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"The pricing and licensing are reasonable."
"The box, if you do not want to buy the threat prevention license in the box, you can buy it only with the support license. It is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve a lot of your security."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"Sometimes, it's cheaper to buy a new firewall with licensing instead of renewing the licenses of an old firewall."
"There is a need to make payments toward a yearly subscription-based model in which you need to add modules that you want to use in your company."
"Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Answers from the Community

MM
Oct 3, 2021
Oct 3, 2021
hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
2 out of 4 answers
EB
Apr 30, 2021
Hello @Muhammed Eslami, @Mike Bulyk, @Javed Hashmi ​, @VishalGilatar. Can you please assist @M Mari? 
Mike Bulyk - PeerSpot reviewer
Apr 30, 2021
hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
6%
Manufacturing Company
6%
Educational Organization
40%
Computer Software Company
13%
Manufacturing Company
4%
Government
4%
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
How does Azure Firewall compare with Palo Alto Networks VM Series?
Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Warren Rogers Associates
Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.