We changed our name from IT Central Station: Here's why

Cisco ASA Firewall vs Fortinet FortiGate comparison

Cancel
You must select at least 2 products to compare!
Comparison Summary
Question: Which is better - Fortinet FortiGate or Cisco ASA Firewall?
Answer: One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the entire network from one interface; there is no going back and forth as some other solutions force you to do. Fortinet Fortigate firewalls have access point controller functionality built right into the system; there is no need for additional devices. This solution offers great built-in features for web filtering, and the VPN is an extremely valuable feature. The reporting with Fortinet Fortigate needs some degree of customization so that more usable reports can be created. If you want extra features, you need to buy extra licenses, which can get expensive quickly. We wish we could get more with the general license. We would also like to see better cloud management. It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and the Firepower engine, which provides good application visibility and control. Cisco ASA gives you full details, traffic monitoring, and threat monitoring. The solution has very solid encryption and multi-factor authentication. It is a great option to enable seamless work-from-home options. The front-end configuration with Cisco ASA can be tough, though - there are too many steps in this process. It would also be better if there was a clear view of the integrations and the easiest way to complete them. In inexperienced hands, the Cisco ASA interface can be pretty daunting. An improved GUI would make this product much more user-friendly and competitive with other products. This solution can also be very expensive. Conclusion We chose Fortinet Fortigate. It is a better fit for us. We have clients that still have many team members working remotely and the VPN that Fortinet Fortigate provides is extremely valuable. The antivirus and the IPS intrusion prevention help add to the overall reliability and stability of Fortinet Fortigate.
Featured Review
Find out what your peers are saying about Cisco ASA Firewall vs. Fortinet FortiGate and other solutions. Updated: January 2022.
564,143 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""The most valuable feature is stability.""We have not had to deal with stability issues.""It's got the capabilities of amassing a lot of throughput with remote access and VPNs.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The customer service/technical support is very good with this solution.""Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."

More Cisco Firepower NGFW Firewall Pros →

"Cisco ASA provides us with very good application visibility and control.""Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform.""The solution is excellent for enterprise-level networks.""The Inline Mode configuration works really well, and ASA works very impressively.""We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution.""Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support.""The most valuable feature we have found to be the VPN because we use it often.""The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."

More Cisco ASA Firewall Pros →

"It's user-friendly and easy to operate.""I like Fortinet FortiGate's antispam filter, SPN, and clustering features.""I like that they have given me a solution at a fair price.""The user interface (UI) is very, very good.""The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network.""This product is definitely scalable.""The simplicity of the product is great. It's very easy to use, which is a compliment we get all the time in terms of feedback.""The most valuable features are that it is very simple to configure and to manage."

More Fortinet FortiGate Pros →

Cons
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""Deploying configurations takes longer than it should.""We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.""Report generation is an area that should be improved.""My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."

More Cisco Firepower NGFW Firewall Cons →

"They should improve their interface.""We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls.""Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.""I have worked with the new FTD models and they have more features than the ASA line.""The configuration is an area that needs improvement.""The virtual firewalls don't work very well with Cisco AnyConnect.""If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.""In the next release, I would like to see the VPN and UTM features included."

More Cisco ASA Firewall Cons →

"The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility.""We would like to see an upgrade to the VPN feature, we are using the VPN from outside of our office and there is a limitation to 10 connections, more connections would be suitable.""We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate.""The logs need to be better. They need to be more visible and easier to access.""There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering.""Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN.""The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and for the security policy. They should also improve the SD-WAN function.""If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."

More Fortinet FortiGate Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco."
  • "There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device."
  • "When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active."
  • "Cisco is expensive, but you do get benefits for the price."
  • "It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up."
  • "The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference."
  • "Always consider what you might need to reduce your wasted time and invest it in other solutions."
  • "Cisco is considered to be an expensive solution."
  • More Cisco ASA Firewall Pricing and Cost Advice →

  • "Fortinet is the least expensive solution."
  • "It's very affordable."
  • "Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you."
  • "The Indian market is different than the European and American markets. When you compare they need to be a bit more aggressive on pricing."
  • "I think that the pricing is fair."
  • "For our organization, the licensing costs are approximately $7,000 per year."
  • "It's an expensive solution."
  • "The price is okay."
  • More Fortinet FortiGate Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    564,143 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    author avatarDirectser677 (Technology Services Director at a tech services company with 11-50 employees)
    Reseller

    Better is very subjective. If you want a firewall that your Cisco-trained engineers can integrate with your Cisco routers and Cisco switches and that supports Cisco proprietary protocols, or you need a firewall that runs at terabit speeds and integrates with FortiSwitch, I bet you know the answer.  


    Headline, Fortigates are fixed-port appliances, with really good hardware acceleration and a big security integration fabric. 


    Cisco ASA (and now Firepower) can be modular, where you choose the ports you need, but tend to cost more for the same amount of throughput and tend not to have as much integration with other parts of the security world.  


    There is a lot more to say but pick the things that are important to you. 

    author avatarfdiazm@entel.cl
    User

    I think they are for two different businesses with different digital strategies as well.

    On the one hand, we have the option of consolidating everything in a single box and on the other, putting together a solution with parts and pieces that are more robust but also more complex.

    And don't forget the look of the technology departments where an option clearly requires less expert level to exploit the acquired infrastructure. This is where the concept of Service appears, which in my understanding has already had to evolve from the traditional times of responses and product catalogs.

    author avatarSuresh Ukkalkar
    Real User

    CISCO ASA is a great product, easy trouble shooting on Cmd line and GUI interface,best Cisco Support 

    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer: 
    Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
    Top Answer: 
    When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced… more »
    Top Answer: 
    As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer: 
    In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer: 
    I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More
    Overview

    Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
    small/branch offices to high performance data centers and service providers. Available in a wide
    range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
    defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
    Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
    features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
    volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
    for increased performance, high availability configurations, and more.
    Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
    deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
    the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
    can deliver micro-segmentation to protect east-west network traffic.
    Cisco firewalls provide consistent security policies, enforcement, and protection across all your
    environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
    delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
    SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
    greater simplicity, visibility, and efficiency.
    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

    Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

    Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Cisco ASA Firewall
    Learn more about Fortinet FortiGate
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
    Top Industries
    REVIEWERS
    Comms Service Provider22%
    Financial Services Firm16%
    Manufacturing Company8%
    Non Profit8%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm17%
    Comms Service Provider13%
    Manufacturing Company10%
    Computer Software Company7%
    VISITORS READING REVIEWS
    Comms Service Provider35%
    Computer Software Company21%
    Government5%
    Educational Organization4%
    REVIEWERS
    Comms Service Provider14%
    Computer Software Company10%
    Financial Services Firm9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Comms Service Provider37%
    Computer Software Company20%
    Government5%
    Educational Organization4%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise28%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    REVIEWERS
    Small Business35%
    Midsize Enterprise26%
    Large Enterprise39%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise16%
    Large Enterprise57%
    REVIEWERS
    Small Business48%
    Midsize Enterprise25%
    Large Enterprise28%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise24%
    Large Enterprise40%
    Find out what your peers are saying about Cisco ASA Firewall vs. Fortinet FortiGate and other solutions. Updated: January 2022.
    564,143 professionals have used our research since 2012.

    Cisco ASA Firewall is ranked 6th in Firewalls with 62 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 98 reviews. Cisco ASA Firewall is rated 8.0, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Cisco ASA Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Juniper SRX, pfSense and SonicWall TZ, whereas Fortinet FortiGate is most compared with pfSense, Check Point NGFW, Meraki MX, Sophos XG and SonicWall TZ. See our Cisco ASA Firewall vs. Fortinet FortiGate report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.