We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The payment function for applications is good."
"Whenever I need something, Fortinet improves and updates the software for me."
"The solution is stable."
"It has very easy management and an amazing ETM configuration."
"The notable features that I have found most valuable are that it includes the antivirus, and also IPS, and even SD-WAN."
"One of the valuable features is a standardized OS."
"Its user interface is good, and it is always working fine."
"The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that."
"Simple to deploy, stable."
"Being able to use it as a policy-based VPN is valuable. It's very easy to understand. It's very easy to troubleshoot."
"I think that the firewall feature is the most valuable to me as it is one of the oldest features for this solution. We also appreciate how stable the VPN is."
"The firewall power that comes with Cisco ASAv is the most valuable asset. They are are very easy to manage."
"Cisco Secure Firewall is robust and reliable."
"The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java."
"The product is quite robust and durable."
"Firepower has reduced our firewall operational costs by about 25 percent."
"It scales linearly with load and no issues."
"A solid operating system with all the necessary data center security features."
"It is reliable and the support is very good."
"In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications."
"The most valuable feature is the Posture Assessment."
"You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale."
"It is very stable. It is fairly easy to use."
"It provides complete security posture from end-to-end. This has given us better visibility into what our security aspects are."
"Compared to some other products, the DLP is not at par for the moment."
"They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI."
"They are doing good, but they can improve the distributor assignment. The availability of the product and the timeline of delivery are the main things. The distribution should be swift, and the distributor should not reach out to end customers directly. They should work as a distributor. There should also be one more local distributor. Currently, there is only one distributor in Pakistan, and the rest of them are in UAE. It is difficult to work with only one distributor. Sometimes, you don't get along with the same distributor, and that's why they should have one more distributor. Their licensing should also be improved. The activation or renewal of the product should be done from the date of renewal, not from the date on which the license expired."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"I would like Fortinet to add more automation to FortiGate."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"Application management can be improved."
"I have worked with the new FTD models and they have more features than the ASA line."
"Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated."
"The solution needs to have better logging features."
"The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."
"I would like for the user interface to be easier for the admin and network admin. I would also like to be able to access everything from the GUI interface. The way it is now, it needs somebody experience in iOS to be able to operate it. I would like to have a GUI interface."
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."
"There are various reports that come with the box or with the VMware, but you can only run them daily."
"From time to time, they have released some content updates that have some issues, maybe twice a year."
"The current licensing model can be a sore point as we're paying for features we're not fully utilizing."
"The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters."
"There should be an option for direct integration with the Azure platform."
"The implementation should be simplified."
"Just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java."
"In the next release, I would like to see better integration of multi-factor authentication vendors."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 50 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).