We performed a comparison between Cisco ASA Firewall and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet Fortigate comes out on top. Its ease of deployment combined with its solid set of features and excellent service and support ratings make it a more desirable solution than Cisco ASA Firewall.
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"The implementation is pretty straightforward."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good."
"The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices."
"Simple to deploy, stable."
"We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
"I like all of the features."
"It is a very user-friendly product."
"The user interface is easy to navigate."
"I have found the stability of this solution really good. This is why I use it."
"Its stability is the most valuable."
"The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
"The most valuable features are the policies, filtering, and configuration."
"There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth."
"It's very easy to configure."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"The most valuable feature is the interface, which is very user friendly. We are utilizing most of the features, like content filtering. The firewall is powerful."
"The notable features that I have found most valuable are that it includes the antivirus, and also IPS, and even SD-WAN."
"An area of improvement for this solution is the console visualization."
"Cisco Firepower NGFW Firewall can be more secure."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"The performance should be improved."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together."
"The configuration is an area that needs improvement."
"The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."
"Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
"The virtual firewalls don't work very well with Cisco AnyConnect."
"Some individuals find the setup and configuration challenging."
"If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"In the next release, I would like to see the interface simplified to be more user-friendly."
"The initial setup is complex."
"I would like to see better pricing in the next release, as well as a simplification of the installation."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"They've become quite expensive."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Cisco ASA Firewall is ranked 6th in Firewalls with 63 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 163 reviews. Cisco ASA Firewall is rated 8.0, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Cisco ASA Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, pfSense, Juniper SRX and SonicWall TZ, whereas Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and SonicWall TZ. See our Cisco ASA Firewall vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
Good luck!
Hi,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Hi @Isaiah Dominic,
I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Both devices are good enough.
I expect this could help you,
Good luck!
Highly recommended
You'll find extreme differences between both, especially in cost and support.
For any inquiries don't hesitate to send me a DM.
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
Hi @Isaiah Dominic,
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
I will leave it up to you and I hope this helps.