We performed a comparison between Cisco ASA Firewall and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet Fortigate comes out on top. Its ease of deployment combined with its solid set of features and excellent service and support ratings make it a more desirable solution than Cisco ASA Firewall.
"The implementation is pretty straightforward."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"A good intrusion prevention system and filtering."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily."
"The clusters in data centers are great."
"We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
"The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices."
"The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do."
"Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works."
"The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals."
"The management aspect of the product is very straightforward."
"The VPN is the most valuable feature."
"The most valuable features are that it is very simple to configure and to manage."
"The simplicity of the product is great. It's very easy to use, which is a compliment we get all the time in terms of feedback."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"The performance is good."
"The solution is extremely reliable."
"We've found the solution to be pretty stable."
"We use a lot of function on the IPS and it works well for us."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"Deploying configurations takes longer than it should."
"The application detection feature of this solution could be improved as well as its integration with other solutions."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"Most of the features don't work well, and some features are missing as well."
"Maybe the dashboard could be a bit better."
"Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance."
"I would like to see them update the GUI so that it doesn't look like it was made in 1995."
"I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution."
"The cost is very high. Most organizations cannot afford it."
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."
"The virtual firewalls don't work very well with Cisco AnyConnect."
"Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things."
"It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."
"One of the features that I would like to have is to do with endpoint production, it should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not."
"Bandwidth usage in reporting could be improved for Fortinet FortiGate."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"I don't like that anything more than very basic reporting is not included."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"Its price could be better."
"The cloud management and automation capability could be improved."
"The platform's interface could improve."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Cisco ASA Firewall is ranked 4th in Firewalls with 87 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 169 reviews. Cisco ASA Firewall is rated 8.4, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Cisco ASA Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, pfSense, Juniper SRX and Sophos XG, whereas Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and WatchGuard Firebox. See our Cisco ASA Firewall vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
Good luck!
Hi @Isaiah Dominic,
I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Both devices are good enough.
I expect this could help you,
Good luck!
Highly recommended
You'll find extreme differences between both, especially in cost and support.
For any inquiries don't hesitate to send me a DM.
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
Hi @Isaiah Dominic,
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
I will leave it up to you and I hope this helps.