We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortinet FortiGate is user-friendly and affordable."
"It's quite comfortable to handle the FortiGate firewall."
"It is a one box solution, which covers most of the edge device’s requirements."
"I like how we can achieve total integration."
"Customers want to load balance more than eight lines or six internet lines. FortiGate is the only solution that can accomplish this."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The most valuable feature of FortiGate is FortiView which provides proactive monitoring."
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"I have found the most valuable feature to be the access control and IPsec VPN."
"When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain."
"The most valuable feature is the access control list (ACL)."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The initial setup was completely straightforward."
"It allowed us to consolidating multiple security devices into a single appliance."
"The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
"It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."
"I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The solution enables organizations to enforce policies."
"The initial setup was straightforward."
"Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud."
"The most valuable features of the solution are its stability, ease of implementation, ease of operation, and security."
"It is very stable. It is fairly easy to use."
"Backup can be improved."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"I would like to see more advanced developments of a wireless controller in the future."
"Fortinet FortiGate could improve if it had a cloud-managed solution."
"The price of FortiGate should be reduced because there are some other leading products that are cheaper."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"The UTM filtering needs improvement."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
"10Gb interfaces should be available on more models."
"The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."
"It seems very clunky and slow. I would like to be able to tune it to be a more efficient product."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."
"You shouldn't have to use the ASDM to help manage the client."
"There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution."
"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part."
"In the next release, I would like to see better integration of multi-factor authentication vendors."
"The user interface could use some improvement."
"I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels."
"There should be an option for direct integration with the Azure platform."
"AWS doesn't integrate well with third-party firewalls."
"Palo Alto Networks VM-Series needs to improve its order process."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 50 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).