We performed a comparison between Cisco ASA Firewall and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet Fortigate comes out on top. Its ease of deployment combined with its solid set of features and excellent service and support ratings make it a more desirable solution than Cisco ASA Firewall.
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"Provides good integrations and reporting."
"A good intrusion prevention system and filtering."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"I have found the stability of this solution really good. This is why I use it."
"VPN and firewall are good features."
"It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."
"The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment."
"The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals."
"It is extremely stable I would say — at least after you deploy it."
"It's a flexible solution and is well-known in the community."
"The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
"The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful."
"I like Fortinet FortiGate's antispam filter, SPN, and clustering features."
"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."
"It is very flexible to use."
"The threat prevention is the solution's most valuable aspect."
"The dashboard I have found the most valuable in Fortinet FortiGate."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"The scalability of Fortinet FortiGate is good."
"Cisco Firepower NGFW Firewall can be more secure."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The cost is very high. Most organizations cannot afford it."
"Technical support takes a long time to respond."
"The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."
"The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."
"The solution needs to have better logging features."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
"This is an older product and has reached end-of-life."
"I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"The solution lacks multi-language support."
"FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and that presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate."
"It is very expensive, and their support is not very good. I hope that their technical support will be better in the future."
"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."
"Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs."
"Bandwidth usage in reporting could be improved for Fortinet FortiGate."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Cisco ASA Firewall is ranked 6th in Firewalls with 69 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 166 reviews. Cisco ASA Firewall is rated 8.0, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Packet inspection with ASDM works well, but upgrading requires notable planning and effort". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Cisco ASA Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, pfSense, Juniper SRX and Sophos XG, whereas Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and SonicWall TZ. See our Cisco ASA Firewall vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
Good luck!
Hi @Isaiah Dominic,
I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Both devices are good enough.
I expect this could help you,
Good luck!
Highly recommended
You'll find extreme differences between both, especially in cost and support.
For any inquiries don't hesitate to send me a DM.
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
Hi @Isaiah Dominic,
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
I will leave it up to you and I hope this helps.