No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Secure Firewall vs Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.2
Cisco Secure Firewall boosts ROI by enhancing security, reducing costs, and increasing efficiency through simplified management and integration.
Sentiment score
5.9
Fortinet FortiGate offers a high ROI through enhanced productivity, efficiency, security, cost savings, and simplified management.
Sentiment score
6.5
Palo Alto Networks NG Firewalls deliver strong ROI through reduced risks, costs, and enhanced security features despite high initial costs.
There is always a return on investment because you find you invest heavily, but your environment is secure and then you are at rest; you do not need to panic.
Specialist Datacenter And Server at IHS Towers
The biggest return on investment when using Cisco Secure Firewall is that there's no waste in any infrastructure cost and licensing costs for us.
Assistant Vice President at PLDT Enterprise
From my point of view, the biggest return on investment when using Cisco Secure Firewall is the single pane of glass, which is a huge plus for us.
Network Engineer at a government with 10,001+ employees
The automation part is giving us a cost benefit and speed; we can react faster.
BDM Fortinet & BDM Teamlead at Exclusive Networks
It's a very useful tool to mitigate and protect your enterprise.
Staff Infrastructure & Security Engineer at Mozn Systems
When investing in cybersecurity with Fortinet FortiGate 200, which costs more than $10,000, companies that are growing directly can expect ROI within 1.5 to 3 years.
Manager, Information Technology Operation/Presales at TechMonarch
Their user-friendly interface and Panorama central management, which provides a comprehensive overview, make them an ideal investment.
Technical Lead at Accenture
The solution helped reduce downtime, which is crucial in time-sensitive industries like manufacturing.
Director IT Infrastructure and Operations at a analyst firm with 51-200 employees
I have seen a return on investment as there are definitely clear cost reductions, resource savings, time savings, and improved risk detection.
Network & Security Engineer at Arrow PC Network Pvt.Ltd.
 

Customer Service

Sentiment score
7.2
Cisco Secure Firewall support is praised for its responsiveness and expertise, though some users experience delays in resolution.
Sentiment score
6.5
Fortinet FortiGate's 24/7 support is generally well-rated but needs improvement in response speed for urgent issues.
Sentiment score
6.7
Palo Alto Networks NG Firewalls support is knowledgeable but inconsistent, with language barriers and emergency response times needing improvement.
I have to provide many logs, yet problems remain unresolved, often requiring workarounds rather than solutions.
VSO at a computer software company with 501-1,000 employees
I have been working with them on firewalls, wireless, switching, and routing, and the support is the best.
Principal Consultant at Epitome Infotech Solutions (P) Ltd
They have expertise and provide solutions for the most difficult problems.
Network Security Administrator at a government with 501-1,000 employees
The quick resolution of issues with Fortinet FortiGate is due to the support of the company and the fact that the equipment is easy to work with.
IT Manager at a consultancy with 10,001+ employees
I would rate the technical support for Fortinet FortiGate a ten out of ten.
NAC Support at Rah Infotech Pvt Ltd
As a solution provider, when I encounter problems, I connect directly with Fortinet support, and they provide solutions within a very short time.
Manager, Information Technology Operation/Presales at TechMonarch
Palo Alto's network support is excellent, and I would rate it a ten out of ten.
Founder at a tech services company with 11-50 employees
Their response time is within one hour.
Head of data centers at a non-profit with 10,001+ employees
They offer fast and competent assistance.
IP / Operations Support System Engineer; Pre-Sales Engineer at Avantguard.it
 

Scalability Issues

Sentiment score
6.7
Cisco Secure Firewall effectively scales for different user volumes but faces licensing and hardware challenges, especially in on-premises solutions.
Sentiment score
7.1
Fortinet FortiGate is praised for scalability and adaptability across enterprises, though some users face cloud scaling and upgrade challenges.
Sentiment score
6.8
Palo Alto Networks NG Firewalls offer scalability and customization, but hardware limitations and cost issues affect extensive scaling options.
When something happens in the device, the failover happens very quickly without any interruption.
Network Unit Head at a comms service provider with 501-1,000 employees
Cisco Secure Cloud now allows us to potentially take the management functions of Cisco Secure Firewall, move it into the cloud, and integrate it with other Cisco security products, managing everything from one single pane.
Senior Network Engineer at a insurance company with 5,001-10,000 employees
I rate the scalability as a number 10.
Cybersecurity Team Leader at EMAK For Computer Manufacturing (ECM)
They scale up really well from smaller models like the FortiGate 40 and 50 to bigger sites with the FortiGate 100 for more throughput - up to enterprise datacenters.
IT Manager at Daltons Limited
The variation comes in terms of the interfaces and throughputs, but from a security perspective, you get the same benefit, irrespective of whether you have an entry-level unit or an enterprise.
Cewa Solutions Architect at a tech services company with 11-50 employees
We determine sizing based on multiple factors: number of users, available links, traffic types, server count, services in use, and whether services will be published.
General Surgery Specialist at Helwan University Cairo
Cloud deployments benefit from auto-scaling, allowing for automatic adjustments to firewall capacity based on demand.
Technical Lead at Accenture
It is important to assess the infrastructure size before choosing a model.
IP / Operations Support System Engineer; Pre-Sales Engineer at Avantguard.it
Palo Alto Networks NG Firewalls are scalable and reliable.
Senior Network Engineer L4 at a tech services company with 10,001+ employees
 

Stability Issues

Sentiment score
7.6
Cisco Secure Firewall is reliable with minimal downtime, strong stability, and consistent performance through effective updates and support.
Sentiment score
7.7
Fortinet FortiGate offers reliable and consistent performance, with quick resolution for occasional bugs, ensuring minimal downtime and high availability.
Sentiment score
8.5
Palo Alto Networks NG Firewalls are favored for their consistent stability and reliability, outperforming competitors in various scenarios.
We have often encountered split-brain scenarios during failover processes and code upgrades, which have been persistent problems for us.
Senior Manager, Network Engineering at TTi Power Equipment
We work with a cluster with high availability, so if something goes wrong, we have it functioning.
Cisco Secure Firewall offers exceptional performance and stability.
Principal Consultant at Epitome Infotech Solutions (P) Ltd
We're experiencing 99.999% availability consistently.
Manager, Information Technology at a consumer goods company with 11-50 employees
I would rate the stability of Fortinet FortiGate a ten out of ten.
NAC Support at Rah Infotech Pvt Ltd
Currently, we are experiencing a general outage of one of the main internet service providers of the Dominican Republic, and we have not been impacted in our operations because with SD-WAN, we have another internet service provider and we are working with the second WAN connection without any disruption.
CISO at a financial services firm with 1,001-5,000 employees
With appropriately configured policies, these firewalls can provide robust network security.
Solution Architect at a retailer with 201-500 employees
After the upgrade, we are experiencing performance issues.
Technical Engineer Technical Security at a tech services company with 10,001+ employees
I have not experienced any outages or issues.
IP / Operations Support System Engineer; Pre-Sales Engineer at Avantguard.it
 

Room For Improvement

Cisco Secure Firewall needs improvements in UI, integration, management, pricing, configuration stability, and overall performance to remain competitive.
Fortinet FortiGate users face high costs, integration and stability issues, sluggish support, and need improvements in usability and security features.
Palo Alto Networks NG Firewalls need improved reporting, support, affordability, AI features, integration, scalability, and better-performing hardware.
My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time.
Senior Manager, Network Engineering at TTi Power Equipment
The GUI is useless for me and frustrates me to a very high degree, which led me to switch to the CLI for configuration.
Network Engineer at a logistics company with 10,001+ employees
Firewall as a Service can scale to a very large extent because it is a cloud-based offering that can scale up to a very large number, which is not a problem.
Chief Technology Officer at Binary Global Limited
It would be better for customers to get immediate replacements even with a standard subscription.
Director at a tech services company with 11-50 employees
It is how quickly each of these companies adapts to that and brings in more value to the customer.
Principal Consultant at Epitome Infotech Solutions (P) Ltd
The main area for improvement in Fortinet FortiGate is the firmware versions, as we face uncertainties regarding upgrades and frequent bugs that require self-fixing of problems.
Senior Manager IT at a tech services company with 1,001-5,000 employees
When performance degrades due to full packet inspection, the solution should be to increase the computing power within the same firewall, not to recommend upgrading to a larger, more expensive model.
Technical Engineer Technical Security at a tech services company with 10,001+ employees
Further integration into a unified system could improve usability.
Director IT Infrastructure and Operations at a analyst firm with 51-200 employees
Palo Alto Networks NG Firewalls lack built-in multi-factor authentication, requiring the purchase of a third-party tool to implement this essential security feature.
Head of data centers at a non-profit with 10,001+ employees
 

Setup Cost

Cisco Secure Firewall is often seen as high-priced, but offers robust features and support, justifying the expense.
Fortinet FortiGate is cost-effective with a good feature set, ideal for mid to large enterprises, though complex licensing.
Palo Alto Networks NG Firewalls are costly but valued for premium security, offering better value with multi-year licenses.
It's good to have them, however, it costs us a lot.
It Administration at Dilcon Community School
Basically, the license for the VPNs is for all the interfaces, and that is the thing that is really expensive compared with Palo Alto.
Technical Account Manager at a tech vendor with 5,001-10,000 employees
It's considered a premium, but people pay that price for Cisco.
Principal Consultant at Epitome Infotech Solutions (P) Ltd
It offers cost savings as it is generally cheaper than the competition.
IT Infrastructure Architect at Apotek 1
It is about 20% cheaper.
Network Security Engineer at TD SYNNEX
The advantages of Fortinet FortiGate over its competitors include good pricing and meeting our requirements at a lower cost.
Information Technology Infrastructure Section Head at a consumer goods company with 11-50 employees
Palo Alto Networks NG Firewalls are expensive.
Technical Engineer Technical Security at a tech services company with 10,001+ employees
Palo Alto Networks NG Firewalls come at a premium, exceeding the cost of most competitors by 45 percent.
Head of data centers at a non-profit with 10,001+ employees
Colleagues looking for the cheapest and fastest firewall can still use Palo Alto Networks NG Firewalls because they are affordable.
Director at Zuci Systems
 

Valuable Features

Cisco Secure Firewall offers robust features like VPN termination, powerful threat prevention, and seamless integration, ensuring effective network security.
Fortinet FortiGate offers robust security, ease of use, and integration, with cost-effectiveness and reliable support, enhancing network efficiency.
Palo Alto Networks NG Firewalls offer robust, user-friendly security with advanced AI, threat prevention, and centralized management features.
What stands out positively about Cisco is their training and support, which has effectively prepared engineers to work with their products.
Senior Manager, Network Engineering at TTi Power Equipment
This is very important to my organization, as we work extensively with security because we are a bank, so we can keep the data safe.
Network Security Administrator at a government with 501-1,000 employees
Cisco Secure Firewall allows me to safeguard Layer 7 or Layer 3 and manage the security rules with the business needs of my organization.
They put in a thing called the FortiCookbook, which is very easy to read with real-life scenarios that make networking tasks like joining networks very straightforward.
IT Manager at Daltons Limited
The firewall and VPN features are the most valuable in protecting our customers' networks.
Sales & Support at a tech services company with 1-10 employees
The most valuable feature is the deep inspection for traffic, which is capable of identifying zero-day attacks.
Consultant at SKYE AS
The most valuable features of Palo Alto Networks NG Firewalls are DNS sync calls, enabled security features, and Wildfire.
Technical Engineer Technical Security at a tech services company with 10,001+ employees
Threat Vault allows us access to a comprehensive threat database, enabling us to get detailed information on threats and how to mitigate them.
Senior Network Engineer L4 at a tech services company with 10,001+ employees
The most valuable feature of Palo Alto Networks NG Firewalls is Cortex Data Lake.
Solution Architect at a retailer with 201-500 employees
 

Mindshare comparison

As of July 2026, in the Firewalls category, the mindshare of Cisco Secure Firewall is 7.6%, up from 6.0% compared to the previous year. The mindshare of Fortinet FortiGate is 14.5%, down from 21.4% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 5.2%, up from 3.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls Mindshare Distribution
ProductMindshare (%)
Fortinet FortiGate14.5%
Cisco Secure Firewall7.6%
Palo Alto Networks NG Firewalls5.2%
Other72.7%
Firewalls
 

Featured Reviews

RajeshKumar - PeerSpot reviewer
Network Consultant at a outsourcing company with 1,001-5,000 employees
Unified policies have strengthened zero-trust demos and automate rapid threat containment
Feedback and Improvement Areas – Cisco Secure Firewall (Customer Perspective) From a customer point of view, there are a few improvement areas observed while positioning Cisco Secure Firewall in competitive scenarios. 1. Dashboard & Visibility Enhancements Customers often compare firewall dashboards across different OEMs during evaluation. * Competing vendors typically provide more feature-rich and visually detailed dashboards. * There is a perception that Cisco dashboards still require enhancement in terms of visualization, consolidated reporting, and built-in analytics. * Some OEMs advertise additional security capabilities clearly within their publicly available data sheets, making competitive positioning easier. In comparison, Cisco sometimes references separate documentation or explains how certain capabilities (such as anti-spam or antivirus functionality) can be achieved through integration or ecosystem components rather than native, built-in features. This creates a perception gap during customer discussions. Improvement Opportunity: * Enhance dashboard capabilities. * Clearly articulate feature availability in public documentation and data sheets. * Reduce dependency on cross-referenced documentation for commonly compared features. 2. Virtual Firewall / Multi-Instance Capabilities in Lower Models Another competitive challenge relates to virtual firewall capabilities. * Several OEMs provide virtual firewall (VDOM-like) functionality in lower-end models. * In Cisco’s portfolio, multi-instance capability typically starts from higher-end platforms such as the 3K series or higher. * Customers looking for smaller deployments with logical segmentation are often forced to consider higher models, resulting in a price jump. Competitors also offer: * Compact hardware models * Dongle-based firewall appliances * Smaller entry-level products with virtual segmentation In Cisco’s case: * To achieve similar multi-instance functionality, customers must opt for higher-tier models. * This creates a significant pricing gap in entry-level or SMB deployments. This pricing difference becomes a key factor when customers compare solutions. If competitors offer a lower-cost model with virtual segmentation, and Cisco requires a higher platform investment, customers may lean toward alternative OEMs. 3. Documentation Gaps – OT Protocol Visibility In our lab environment, we have deployed Cisco Secure Firewall and are using Application Visibility and Control (AVC) for OT network monitoring. Observations: * OT protocols are clearly visible within application visibility. * The firewall successfully identifies and classifies OT traffic. However: * This capability is not clearly mentioned in publicly available documentation. * When a feature is available and functional, it should be explicitly documented in data sheets and feature guides. The need for third-party integration depends on what we are looking for. Here I am saying that the integration with Cisco NAC can be done because RTC functionality is only available with Cisco ISE and the firewall integration. For other ecosystems, if we use a NAC solution that is not Cisco, we can still integrate it for user authentication, such as with VPN user authentication. But in that case, we don't achieve the same functionality, such as RTC with other NAC solutions. This is one aspect. Another part is that if we are using it, it always happens with some NAC solutions because we have Cisco NAC and Cisco firewall; we want consistent policy across the network, whether the user is on-prem or using VPN services. If this is a unified OEM solution, in that case, we require an agent, such as the Cisco Secure Client. That allows us to easily check the posture status of the remote user and connect to the network effortlessly. But if we are using a third-party solution, we can't achieve that. From a SIEM perspective, certain prerequisites must be fulfilled before integration with Cisco Secure Firewall can be completed. The feasibility of integration depends on the capabilities of the SIEM platform. If the SIEM solution supports the required APIs and event handling mechanisms, similar functionality can be achieved. Therefore, integration itself is generally not the challenge; the key consideration is the desired security outcome within the overall ecosystem. If the customer does not have a SIEM solution and intends to automate quarantine actions or enforce restricted access for users, a Network Access Control (NAC) solution becomes mandatory. In this scenario, the recommended NAC solution is Cisco Identity Services Engine (Cisco ISE). Automated quarantine and dynamic access control workflows are dependent on NAC capabilities. From a feature enhancement perspective for Cisco Secure Firewall, deeper NAC-driven integration adds significant value. 1. TrustSec / Tag-Based Policy Enforcement Cisco ISE supports Cisco TrustSec, which enables Security Group Tag (SGT)-based segmentation. * In traditional (legacy) networks, firewall policies are created based on IP addresses. * With TrustSec, policies are defined based on user identity, group membership, and security tags instead of IP subnets. * When users authenticate to the network, Cisco ISE assigns Security Group Tags (SGTs). * These tags are shared with Cisco Secure Firewall. * The firewall then enforces policies based on SGT-to-SGT rules rather than IP-to-IP rules. Benefits: * Significant reduction in the number of firewall rules * Simplified policy management * Improved scalability * Easier implementation of role-based access control This integration enhances operational efficiency and security posture. 2. Rapid Threat Containment (RTC) Another key capability is Rapid Threat Containment (RTC). If Cisco Secure Firewall detects malicious activity—such as malware download attempts identified via signature-based or advanced threat detection—it can notify Cisco ISE about the compromised endpoint. Based on this input: * Cisco ISE can automatically quarantine the user * The endpoint can be moved to a restricted VLAN * Access can be dynamically limited without manual intervention This automated workflow ensures faster response time and reduces the risk of lateral movement within the network. 3. VPN and Posture Assessment This functionality is not limited to wired or LAN users. For VPN users: * Authentication can be integrated with third-party NAC solutions. * However, if posture assessment (device compliance checking) is required in addition to authentication, Cisco ISE integration with Cisco Secure Firewall becomes essential. Cisco ISE enables: * Endpoint posture validation * Dynamic policy assignment * Automated remediation workflows
JK
IP Network Security Specialist at MTN Ghana
Process-Level CPU Visibility: Introduce detailed CPU-usage metrics per subsystem (e.g., IPS engine, logging) so administrators can quickly identify and address performance spikes.
Analytics with FortiAnalyzer. Being able to pull in logs not just from our FortiGates but from all our other firewalls and then get them in one view has been a game changer. Whether I’m building an executive dashboard or doing a deep dive forensics session, I get everything I need without navigating consoles.Straightforward Application Control. FortiGate spots and blocks unwanted apps (eq. like BitTorrent or streaming services) with accuracy. Segmentation with VDOMs. We’ve carved our data center into four logical ‘mini-firewalls’ enterprise, core, billing, and WAF—all on one box. Each has its own rules and logs, and any traffic between them still gets inspected. It’s like having multiple appliances without the extra hardware. Always-Up-to-Date Threat Feeds. Daily signature updates and AI-driven threat sensing mean we’re blocking the latest vulnerabilities almost as soon as they’re announced.
Nitin Yadav - PeerSpot reviewer
Network & Security Engineer at Arrow PC Network Pvt.Ltd.
Strong threat prevention has reduced phishing and malware while I monitor traffic in depth
Palo Alto Networks NG Firewalls offers application and user awareness, which allow me to control traffic based on threats. The product includes threat prevention, advanced threat prevention, and deep packet inspection that really helps prevent issues in our network. Deep packet inspection inspects full traffic content, even inside applications and encrypted sessions. Deep packet inspection makes a very practical difference day to day because it lets me see and control what is actually inside the traffic, not just the open port or IP. I have real visibility of which application is running instead of just seeing HTTPS. Palo Alto Networks NG Firewalls WildFire sandboxing is really good at detecting and blocking zero-day malware automatically, along with its GlobalProtect and DNS security features. Using Palo Alto Networks NG Firewalls positively impacts my organization by providing strong security, better visibility, faster response, and simplified operations. After deploying Palo Alto Networks NG Firewalls in our network, it blocks malicious traffic and prevents compromises that occurred before Palo Alto Networks NG Firewalls. I can now block outside IPs to prevent issues. After Palo Alto Networks NG Firewalls installation, I reduced 60 to 70 percent of malware and phishing attacks. Its threat prevention and DNS security features detect these attacks, block malicious domains, and reduce manual efforts for the security team.
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Comparison Review

it_user216600 - PeerSpot reviewer
Senior Technical Consultant with 51-200 employees
Jan 3, 2016
Sophos UTM vs. Fortinet FortiGate
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main…
 

Top Industries

By visitors reading reviews
Construction Company
10%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
10%
Computer Software Company
9%
Manufacturing Company
9%
Financial Services Firm
7%
Manufacturing Company
10%
Computer Software Company
9%
Financial Services Firm
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business192
Midsize Enterprise130
Large Enterprise236
By reviewers
Company SizeCount
Small Business369
Midsize Enterprise139
Large Enterprise195
By reviewers
Company SizeCount
Small Business77
Midsize Enterprise57
Large Enterprise87
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Fortigate 60d vs. Meraki MX67 for a small company without a dedicated IT Department
We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL I...
What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...
Features comparison between Palo Alto and Fortinet firewalls
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
 

Also Known As

Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall, Cisco Secure Firewall ASA Virtual - BYOL
Fortinet FortiGate Next-Generation Firewall
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
 

Overview

 

Sample Customers

There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Find out what your peers are saying about Fortinet, Netgate, Cisco and others in Firewalls. Updated: May 2026.
902,894 professionals have used our research since 2012.