Coming October 25: PeerSpot Awards will be announced! Learn more

Cisco Firepower NGFW Firewall vs pfSense comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on August 24, 2022

Cisco Firepower NGFW vs pfSense

We performed a comparison between Cisco Firepower NGFW and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Almost all user reviews of Cisco Firepower NGFW Firewall mentioned that the initial setup was easy and straightforward. In contrast, pfSense users share mixed reviews on deployment. Some think it is simple, while others say it is rather complex.
  • Features: Users of both solutions like the products’ stability and scalability.

    Cisco Firepower NGFW Firewall users like that the solution is easy to use, is fast, and has a great UI. Features that users feel are lacking include its limited data storage, the fact that it is missing some older ASA firewall codes, the slower speed at which policies are deployed, and slow load times.

    pfSense users like the solution’s flexibility and good documentation. Users express that the interface as well as the ease of use need to be improved.
  • Pricing: Users of Cisco Firepower NGFW Firewall say the pricing is expensive. pfSense is open-source.
  • Service and Support: Users of Cisco Firepower NGFW Firewall say that technical support is excellent. pfSense users say they are able to rely on community forums and discussions when necessary.
  • ROI: Users of both solutions report an ROI.

Comparison Results: The major difference between the two solutions is its price. While Cisco Firepower NGFW Firewall users agree that the solution is expensive, pfSense is open-source, but users are unhappy with its usability and therefore it seems that users consider Cisco Firepower NGFW Firewall to be the better option.

To learn more, read our detailed Cisco Firepower NGFW Firewall vs. pfSense report (Updated: August 2022).
633,952 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""If configured, Firepower provides us with application visibility and control.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."

More Cisco Firepower NGFW Firewall Pros →

"The solution is very easy to use and has a very nice GUI.""I like pfSense's security features.""Some of the terminologies were more familiar to me than it was when I first encountered Cisco.""The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.""I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good.""The documentation is very good.""It's a good solution for end-users. It's pretty easy to work with.""The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."

More pfSense Pros →

Cons
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing.""Cisco makes horrible UIs, so the interface is something that should be improved.""The performance should be improved.""Implementations require the use of a console. It would help if the console was embedded.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.""I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."

More Cisco Firepower NGFW Firewall Cons →

"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.""pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it.""It could use a little bit of improvement in the reporting.""It would be great to add more to security.""Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.""Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually.""The usage reports can be better.""The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time."

More pfSense Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "We are using the open-source version, not the commercial one."
  • "It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet."
  • "It is open source."
  • "I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
  • "I like the fact that it is open-source."
  • "The pricing is lower than some of its competitors."
  • "pfSense is open-source."
  • "We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free."
  • More pfSense Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    633,952 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers that fact, it is all the more impressive that the setup is a fairly… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Top Answer:You don't really specify what type of router you are looking for but if you are talking about a gateway router I recommend PFSense. This software solutions can be installed on youf own hardware or you… more »
    Top Answer:Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate both cost-effective and efficient. One of the features we like most is that… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and client, Open VPN and client, and PPTP client. Both also have intrusion detection and… more »
    Ranking
    7th
    out of 48 in Firewalls
    Views
    46,314
    Comparisons
    30,118
    Reviews
    47
    Average Words per Review
    957
    Rating
    8.1
    2nd
    out of 48 in Firewalls
    Views
    106,769
    Comparisons
    90,032
    Reviews
    58
    Average Words per Review
    468
    Rating
    8.6
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Learn More
    Netgate
    Video Not Available
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    pfSense is a free and open-source operating system for routers and firewalls, and is typically configured as DHCP server, DNS server, WiFi access point, VPN server, all running on the same hardware device. It is operated through a user-friendly web interface, making administration easy even for users with limited networking knowledge.

    In addition, pfSense is feature-rich, has a mature platform, is customizable, is flexible by design, and can be used on a small home router as well as run the entire network of a large corporation. pfSense puts you in control of your networking, is regularly updated, and works to promptly patch security issues. pfSense has recently become the favored alternative to the industry leader, Cisco.

    pfSense is:

    • Robust
    • Powerful
    • Easy to use
    • Secure
    • Scalable

    pfSense Key Features

    pfSense has many key features and capabilities, including:

    • Strength and accuracy: pfSense is able to always follow either default or custom rules, making it a stronger firewall than some of its competitors. It also filters traffic separately, whether it’s coming from your internal network of devices or the open internet, allowing you to set different rules and policies for each.

    • Flexibility: pfSense can work both as a basic firewall and as a complete security system because it gives you the flexibility to integrate additional features as code where necessary.

    • Open-source: Because it is open-source, not only is pfSense free to use, but community members can contribute to the code to make it a better software.

    • User-friendly: Usually firewall products are not user-friendly because they often include complex settings, options, and features that require fine-tuning. pfSense’s interface is simple, direct, and easy to use.

    • WireGuard Support: Instead of building your own VPN using pfSense, or settling for a commercial VPN provider, you can directly integrate WireGuard with the pfSense firewall.

    • Speed Management and Fault Tolerance: pfSense’s multi-WAN feature allows your system to continue operating in case components fail.

    • Well-supported: pfSense regularly has security and feature updates. It also has a documentation site and a well-informed and knowledgeable support forum.

    Reviews from Real Users

    Below is some feedback from PeerSpot Users who are currently using the solution.

    Bojan O., CEO at In.sist d.o.o., says, “The classic features, such as content inspection, content protection, and the application-level firewall, are the most important."

    Another PeerSpot user, a chef at a media company, explains what he finds most valuable about pfSense: "The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is."

    T.O., a VP of Business Development at a tech services company, mentions, "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor."



    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about pfSense
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Pharma/Biotech Company6%
    VISITORS READING REVIEWS
    Comms Service Provider19%
    Computer Software Company19%
    Government8%
    Educational Organization5%
    REVIEWERS
    University12%
    Comms Service Provider10%
    Marketing Services Firm10%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Comms Service Provider31%
    Computer Software Company15%
    Government7%
    Educational Organization5%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise26%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise18%
    Large Enterprise55%
    REVIEWERS
    Small Business70%
    Midsize Enterprise17%
    Large Enterprise13%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise21%
    Large Enterprise51%
    Buyer's Guide
    Cisco Firepower NGFW Firewall vs. pfSense
    August 2022
    Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. pfSense and other solutions. Updated: August 2022.
    633,952 professionals have used our research since 2012.

    Cisco Firepower NGFW Firewall is ranked 7th in Firewalls with 53 reviews while pfSense is ranked 2nd in Firewalls with 58 reviews. Cisco Firepower NGFW Firewall is rated 8.2, while pfSense is rated 8.6. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Meraki MX, Palo Alto Networks WildFire and Azure Firewall, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG, Untangle NG Firewall and Check Point NGFW. See our Cisco Firepower NGFW Firewall vs. pfSense report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.