Cisco Secure Firewall vs Palo Alto Networks VM-Series comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco Secure Firewall vs. Palo Alto Networks VM-Series Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Q&A Highlights
Question: Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
Answer: hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Fortinet FortiGate is user-friendly and affordable.""It's quite comfortable to handle the FortiGate firewall.""It is a one box solution, which covers most of the edge device’s requirements.""I like how we can achieve total integration.""Customers want to load balance more than eight lines or six internet lines. FortiGate is the only solution that can accomplish this.""User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support.""The most valuable feature of FortiGate is FortiView which provides proactive monitoring.""Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."

More Fortinet FortiGate Pros →

"I have found the most valuable feature to be the access control and IPsec VPN.""When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain.""The most valuable feature is the access control list (ACL).""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""The initial setup was completely straightforward.""It allowed us to consolidating multiple security devices into a single appliance.""The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity.""It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."

More Cisco Secure Firewall Pros →

"I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it.​""App-ID and User-ID have repeatedly shown value in securing business critical systems.""The feature that I have found the most useful is that it meets all our requirements technically.""The solution enables organizations to enforce policies.""The initial setup was straightforward.""Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud.""The most valuable features of the solution are its stability, ease of implementation, ease of operation, and security.""It is very stable. It is fairly easy to use."

More Palo Alto Networks VM-Series Pros →

Cons
"Backup can be improved.""Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement.""I would like to see more advanced developments of a wireless controller in the future.""Fortinet FortiGate could improve if it had a cloud-managed solution.""The price of FortiGate should be reduced because there are some other leading products that are cheaper.""Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful.""The UTM filtering needs improvement.""Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."

More Fortinet FortiGate Cons →

"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.""10Gb interfaces should be available on more models.""The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them.""It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.""An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier.""You shouldn't have to use the ASDM to help manage the client."

More Cisco Secure Firewall Cons →

"There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution.""With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part.""In the next release, I would like to see better integration of multi-factor authentication vendors.""The user interface could use some improvement.""I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.""There should be an option for direct integration with the Azure platform.""AWS doesn't integrate well with third-party firewalls.""Palo Alto Networks VM-Series needs to improve its order process."

More Palo Alto Networks VM-Series Cons →

Pricing and Cost Advice
  • "Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make."
  • "These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."
  • "Go for long term pricing negotiated at the time of purchase."
  • "Work through partners for the best pricing."
  • "The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."
  • "Easy to understand licensing requirements."
  • "​We saved a bundle by not needing all the past appliances from an NGFW.​"
  • "The cost is too high... They have to focus on more features with less cost for the customer. If you see the market, where it's going, there are a lot of players offering more features for less cost."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "Always plan ahead for three years. In other words, do not buy a firewall on what your needs are today, but try to predict where you will be three years from now in terms of bandwidth, security requirements, and changes in organizational design."
  • "I have to admit that the price is high. But I think it's worth it if the stability of your solution counts for you."
  • "It has a great performance-to-price value, compared to competitive solutions."
  • "Spec the right hardware model and choose the right license for your needs."
  • "Everything with Cisco is expensive. My advice is that there are a lot better options out in the market now."
  • "To discuss with Cisco Systems or their partners to gain the optimal price and to not consider, without verifying, the false information that Cisco ASA is very expensive."
  • "Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution."
  • "​Price point is too high for features and throughput available.​"
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "For what you get, it does do what it says. It is a good value for an enterprise firewall.​"
  • "​The licensing is pretty much like everyone else."
  • "When you have a client compare box against box, a lot of times Palo Alto is a bit more expensive, but its network firewalls have a very rich ratio."
  • "Do not buy larges box if you do not need them. Rightsizing is a great task to do before​hand."
  • "I know Palo Alto is not cheap. They have been telling me, the members of the finance team, it is not a cheap solution. It is a solution whose target is that no matter how big your organization is, small, medium, or large, it is about the maturity of your security team or infrastructure team whom you want to work with."
  • "It is a little bit of crazy if you compare it to Vanguard, Sophos, or even Cisco. The newest version of Cisco, the Next-Generation Firewall of Cisco, is less expensive than Palo Alto. It is more comparable to Check Point."
  • "For licensing, It depends how they want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPSs, you will only need a license that is called threat prevention. That license, threat prevention, includes vulnerabilities, antivirus signatures and one additional measure (that I can't remember), but it includes three measures and security updates."
  • "The box, if you do not want to buy the threat prevention license in the box, you can buy it only with the support license. It is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve a lot of your security."
  • More Palo Alto Networks VM-Series Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Comparison Review
    Anonymous User
    Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning the management options: How to add and rename objects. How to update a device. How to find log entries. Etc. Cisco ASA Fast Management Suite: The ASDM GUI is really fast. You do not have to wait for the next window if you click on a certain button. It simply appears directly. On the Palo, each entry to add, e.g., an application inside a security rule, takes a few seconds. Better “Preview CLI Commands”: I am always checking the CLI commands before I send them to the firewall. On the Cisco ASA, they are quite easy to understand. I know, Palo Alto also offers the “Preview Changes”, but it takes a bit more time to recognize all XML paths. Better CLI Commands at all: For Cisco admins it is very easy to parse a “show run” and to paste some commands into another device. This is not that easy on a Palo Alto firewall. First, you must change the config-output format, and second, you cannot simply paste many lines into another device, since the ordering of these lines is NOT correct by default. That is, it simply doesn’t work. ACL Hit Count: I like the hit counts per access list entry in the GUI. It quickly reveals which entries are used very often and which ones are never used. On the… Read more →
    Answers from the Community
    M Mari
    Aws Al-Dabbagh - PeerSpot reviewerAws Al-Dabbagh
    Real User

    I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.


    * Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.


    * it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).


    * I'm not sure this is the case for FTDv, but I don't think that would be different.


    I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.

    Dale Jackaman - PeerSpot reviewerDale Jackaman
    User

    Neither.  


    I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain.  And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Both products are very stable and easily scalable The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:The most effective features of the solution for threat prevention are Layer 7 inspection, SSL decryption, IPS, and the… more »
    Comparisons
    Also Known As
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Overview

    Fortinet FortiGate enhances network security, prevents unauthorized access, and offers robust firewall protection. Valued features include advanced threat protection, reliable performance, and a user-friendly interface. It improves efficiency, streamlines processes, and boosts collaboration, providing valuable insights for informed decision-making and growth.

    Cisco Secure Firewall stands as a robust and adaptable security solution, catering to organizations of all sizes. It's designed to shield networks from a diverse array of cyber threats, such as ransomware, malware, and phishing attacks. Beyond mere protection, it also offers secure access to corporate resources, beneficial for employees, partners, and customers alike. One of its key functions includes network segmentation, which serves to isolate critical assets and minimize the risk of lateral movement within the network.

    The core features of Cisco Secure Firewall are multifaceted:

    • Advanced threat protection is achieved through a combination of intrusion prevention, malware detection, and URL filtering technologies.
    • For secure access, the firewall presents multiple options, including VPN, remote access, and single sign-on.
    • Its network segmentation capability is vital in creating barriers within the network to safeguard critical assets.
    • The firewall is scalable, effectively serving small businesses to large enterprises.
    • Management is streamlined through Cisco DNA Center, a central management system.

    The benefits of deploying Cisco Secure Firewall are substantial. It significantly reduces the risk of cyberattacks, thereby enhancing the security posture of an organization. This security also translates into increased productivity, as secure access means uninterrupted work. Compliance with industry regulations is another advantage, as secure access and network segmentation align with many regulatory standards. Additionally, it helps in reducing IT costs by automating security tasks and simplifying management processes.

    In practical scenarios, Cisco Secure Firewall finds diverse applications. It's instrumental in protecting branch offices from cyberattacks, securing remote access for various stakeholders, safeguarding cloud workloads, and segmenting networks to isolate sensitive areas.

    User reviews from PeerSpot reflect an overall positive experience with the Cisco Secure Firewall. Users appreciate its ease of configuration, good management capabilities, robust protection, user-friendly interface, and scalability. However, some areas for improvement include better integration capabilities with other vendors, maturity, control over bandwidth for end-users, and addressing software bugs.

    In summary, Cisco Secure Firewall is a comprehensive, versatile, and reliable security solution that effectively meets the security needs of various organizations. It offers a balance of advanced protection, user-friendly management, and scalability, making it a valuable asset in the realm of network security.

    Palo Alto Networks VM-Series is a highly effective advanced threat protection (ATP) solution and firewall that can be hosted on cloud computing technologies designed by many different companies. It decreases the amount of time that it will take administrators to respond to threats. Users that deploy VM-series have 70% less downtime than those who use similar firewalls. Neither protection nor efficiency are concerns when this next-generation firewall is in play.

    VM-Series is being deployed to protect both public and private cloud environments. This level of flexibility empowers organizations to run the environment or environments that best meet their needs without worrying that they are going to be exposed to digital threats due to the environment that they choose.

    In the public cloud, users of Palo Alto Networks VM-Series can automate their deployment and dynamically scale up their environment while experiencing a consistent level of protection. This dynamic scalability means that they also integrate their security into their DevOps workflows so that their security can keep up with their activities and requirements. Users of private cloud environments can set up security policies that can be automated to be provisioned as the need arises. Organizations don’t need to slow down when they deploy VM-Series because it makes the task of defending them so simple that they can set their defenses and forget that they are even there.

    Users gain a deep level of visibility when they deploy Palo Alto Networks VM-Series. App-ID technology enables organizations to see their network traffic on the application level and spot threats that might be trying to sneak in through vulnerable points in their defenses. It also leverages Palo Alto Networks WildFire and advanced threat protection to block the threats before they can escalate.

      Palo Alto Networks VM-Series Features:

      • Central management system - It has a central management system that enables users to set up and control their security operations from one location. Users don’t need to search for the tools that they need. This system allows for security consistency and complete control without requiring businesses to spend large periods of time to do so.
      • Blacklisting and whitelisting - Organizations can utilize blacklisting and whitelisting tools to ensure that their network traffic only contains the type of traffic that they want to be present. These tools make it possible for them to set specific web traffic sources as being either undesirable and thus blocked from entering their network or desirable and thus allowed to enter. 
      • Automation feature - The product’s automation feature can automate many critical functions that users would otherwise have to handle manually. Security policy updates are an example of a function that users can automate.

      Reviews from Real Users:

      Palo Alto Networks VM-Series is a solution that stands out when compared to other similar solutions. Two major advantages that it offers are its ability to protect users without degrading the efficiency with which their networks perform and its centralized management system. 

      Jason H., the director of information technology at Tavoca Inc, writes, “There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.”

      An information technology manager at a tech services company says, “We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as shows us what attacks are coming in. Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.”

      Sample Customers
      1. Amazon Web Services 2. Microsoft 3. IBM 4. Cisco 5. Dell 6. HP 7. Oracle 8. Verizon 9. AT&T 10. T-Mobile 11. Sprint 12. Vodafone 13. Orange 14. BT Group 15. Telstra 16. Deutsche Telekom 17. Comcast 18. Time Warner Cable 19. CenturyLink 20. NTT Communications 21. Tata Communications 22. SoftBank 23. China Mobile 24. Singtel 25. Telus 26. Rogers Communications 27. Bell Canada 28. Telkom Indonesia 29. Telkom South Africa 30. Telmex 31. Telia Company 32. Telkom Kenya
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Warren Rogers Associates
      Top Industries
      REVIEWERS
      Comms Service Provider16%
      Computer Software Company9%
      Financial Services Firm8%
      Manufacturing Company7%
      VISITORS READING REVIEWS
      Educational Organization20%
      Computer Software Company15%
      Comms Service Provider8%
      Manufacturing Company6%
      REVIEWERS
      Financial Services Firm15%
      Comms Service Provider12%
      Computer Software Company12%
      Manufacturing Company8%
      VISITORS READING REVIEWS
      Educational Organization20%
      Computer Software Company16%
      Comms Service Provider9%
      Government6%
      REVIEWERS
      Computer Software Company24%
      Manufacturing Company17%
      Financial Services Firm14%
      Government10%
      VISITORS READING REVIEWS
      Computer Software Company16%
      Financial Services Firm11%
      Manufacturing Company7%
      Government6%
      Company Size
      REVIEWERS
      Small Business48%
      Midsize Enterprise23%
      Large Enterprise30%
      VISITORS READING REVIEWS
      Small Business27%
      Midsize Enterprise32%
      Large Enterprise41%
      REVIEWERS
      Small Business35%
      Midsize Enterprise24%
      Large Enterprise42%
      VISITORS READING REVIEWS
      Small Business24%
      Midsize Enterprise30%
      Large Enterprise46%
      REVIEWERS
      Small Business41%
      Midsize Enterprise27%
      Large Enterprise32%
      VISITORS READING REVIEWS
      Small Business23%
      Midsize Enterprise16%
      Large Enterprise61%
      Buyer's Guide
      Cisco Secure Firewall vs. Palo Alto Networks VM-Series
      March 2024
      Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: March 2024.
      765,386 professionals have used our research since 2012.

      Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 50 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.