You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 20
2022-05-11T12:43:17Z
May 11, 2022
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
I have a few questions: Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
2022-05-11T10:02:24Z
May 11, 2022
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
Hi,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
Good luck!
Hi @Isaiah Dominic,
I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Both devices are good enough.
I expect this could help you,
Good luck!
@Luis Apodaca no they are not. It is chalk and cheese.
Highly recommended
You'll find extreme differences between both, especially in cost and support.
For any inquiries don't hesitate to send me a DM.
I recommend Cisco Firepower NGFW
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
Hi @Isaiah Dominic,
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
I will leave it up to you and I hope this helps.