Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Zscaler Cloud Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
379
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
6th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
428
Ranking in other categories
Cisco Security Portfolio (3rd)
Zscaler Cloud Firewall
Ranking in Firewalls
25th
Average Rating
8.2
Reviews Sentiment
8.0
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.2%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 6.2%, up from 5.5% compared to the previous year. The mindshare of Zscaler Cloud Firewall is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Vasu Gala - PeerSpot reviewer
A stable solution with an intuitive interface and quick customer service
I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.
Phil Shiflett - PeerSpot reviewer
Unified policies streamline network management but complex licensing requires attention
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities. Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time. For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
Bhaskar Rao - PeerSpot reviewer
Though it helps deal with web traffic or any malicious traffic, it needs to work on its DC performance issues
The product's initial setup phase is moderate in level, so it is neither very complex nor very easy. For the deployment, my company first needs to gather all the requirements of the users and the domain names and consider how many users there are in the company. In the implementation and planning part, my company needs to consider what kind of policies we will create while ensuring that the policies are created based on the requirements of the users. There is a need to segregate the users' requirements since there are separate departments in the company, like the HR department, sales department, IT department, and manufacturing department, so that our company can create policies depending on their requirements. On-site, if you want a GRE tunnel, our company can handle GRE tunnel traffic routing and Zscaler Cloud Firewall, after which Zscaler will take action based on the policies created by our organization. For the deployments and maintenance, a team of five members consisting of two managers and three engineers is required.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It blocks the vulnerabilities that can negatively impact us."
"The technical support in our region is excellent."
"It performs very well."
"The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall."
"The strengths of Fortinet FortiGate include network security, VPN, site-to-site tunnels, client VPN solutions, two-factor authentication for VPN clients, and SD-WAN for branch level. We have implemented these solutions for various customers."
"The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
"The initial setup is straightforward."
"The most valuable feature of the solution revolves around SSL VPN."
"The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage and how to route a device. That's why I prefer Cisco. It's robust and I never have issues with the hardware. That's why I choose Cisco and not another vendor."
"All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It has been a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms."
"The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
"Cisco Secure Firewall scales with the growing needs of my organization, as we have different models and sizes, and our central boxes are powerful enough to cover whatever we want whenever we want."
"It just works for us."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The feature I appreciate the most about Cisco Secure Firewall is the FMC platform where it merges multiple firewalls into one management plane."
"The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall."
"The product’s firewall and VPN package are fantastic compared to any other solution."
"The technical support from Zscaler was excellent."
"Zscaler is still a very good product."
"The scalability is okay. We have around 2200 people using this solution."
"Zscaler provides effective protection against various cyber threats ensuring a safe environment"
"Zscaler Cloud Firewall understands the applications in the current generation and adapts to the present generation cloud applications."
"If malicious traffic attacks our on-premises servers, then it gets blocked by Zscaler Cloud Firewall."
"Most of the features that Zscaler has to offer, we will deploy."
 

Cons

"Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why."
"I think that the infrastructure for the VPN could be improved. The way that it is bundled also made it difficult to use and sell as it is too expensive."
"One drawback of Fortinet FortiGate is that they provide two types of models: one with a hard disk and another without. The model without a hard disk has very low ROM where you can store very few logs, after which you need to upload it to the cloud or purchase a firewall with SSD."
"From my experience, I see that the datasheets of the Fortinet FortiGate portfolio need to be more accurate because correct sizing is essential. The datasheets should provide clear information when deploying features."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"The main thing they have to improve in Fortinet FortiGate is the technical support; the rest of the features are good enough. We can handle them, but sometimes you really need support, and in that case, we are not getting it at the proper time."
"FortiGate can only retain logs for 24 hours or 7 days. I'm not sure if it holds them for a longer period, such as for a month. It will be useful for assessing our strategy and monitoring our environment without investing in FortiGate Analyzer. It would be beneficial if Fortinet could enhance the FortiGate by providing more statistical and monitoring views for a longer timeframe, rather than requiring access to FortiGate Analyzer."
"Improvements for Fortinet FortiGate could be made by making it easier to implement on networks and simpler to add users and accounts that utilize this solution. That's basically the only challenge that I see."
"There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."
"The dashboard can be improved."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps."
"Cisco Secure Firewall should be easier to handle. It uses ASDM, which is not easy to understand. It would be better if there was direct access via HTTPS."
"It is not the newest, cutting-edge technology"
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"We see a lot of vendors in the market with a lot of niche products. I understand that it's difficult to cover everything, but making it more open for integration with other vendors would be a value add for Cisco."
"The product could improve its integration with some legacy systems."
"It would be nice to have some sort of a form factor, a physical form factor perhaps, or virtual machine that you could install on devices or on a cloud, and have some cloud computing."
"Data Leak Prevention is only for web filtering and there is no protection for email."
"Its technical support services could be better."
"Certain criteria need to be met if you want to scale this solution."
"Instead of the standard license, they should certainly provide customers with the visibility to access and view the logs."
"Apart from the issues associated with the product in areas like the DC performance issues and DC failover, Zscaler Cloud Firewall's IP should not have a proxy IP."
"If I can get rid of Jetscaler, I will use Twingate for sure."
 

Pricing and Cost Advice

"Their licensing costs are annual. The UTM feature license along with their support is called FortiCare. We include that as a part of the annual maintenance cost. Palo Alto or Juniper also have an annual subscription charge for UTM. Price, of course, can always be more competitive, but it is not the most expensive product. The price-performance ratio is quite high for FortiGate."
"It is not the cheapest one, but its price is very competitive."
"Fortinet has more device options that are affordable for small businesses than Palo Alto, and its enterprise-level models are also cheaper. Palo Alto also has a separate license for VPN connections and SD-WAN, but FortiGate offers these features standard."
"Fortinet is competitive price-wise."
"These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."
"It's expensive, but compared to the competition it's okay."
"By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic."
"The pricing of the solution is very competitive."
"The ROI is good. Using ASA, we have saved 10% to 20% on our costs."
"Cisco is expensive, but you do get benefits for the price."
"I'd say it's probably well-priced."
"It is a great solution for medium or big enterprises, not so much for small businesses, mainly due to the financial costs."
"Based on the services that you will get, especially the AMP license, the price is very reasonable."
"Commercial leasing is the best option."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"The cost is a bit high compared to other solutions in the market."
"There are licensing costs, and I would not say that it's a cheap vendor."
"There is an annual license required for the use of the Zscaler Cloud Firewall."
"The product is a bit expensive compared to the solutions offered by its competitors, like Palo Alto. There is a need to make yearly payments towards the license in charges associated with the product."
"There are different subscription models available."
"It comes at a significantly reduced cost while ensuring control and effectiveness."
"The licensing is on a yearly basis. It is somewhere around 30 or 40 pounds per user for our organization."
"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight out of ten."
"It is expensive for small businesses."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Educational Organization
10%
Comms Service Provider
8%
Manufacturing Company
7%
Educational Organization
26%
Computer Software Company
17%
University
6%
Manufacturing Company
6%
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
Which lesser known firewall product has the best chance at unseating the market leaders?
Netscope, Zscaler if they continue route they are on now. FIrewalls needs great deal of automation on each end, datac...
What do you like most about Zscaler Cloud Firewall?
The product’s firewall and VPN package are fantastic compared to any other solution.
What is your experience regarding pricing and costs for Zscaler Cloud Firewall?
Zscaler Cloud Firewall is quite expensive compared to competitors. However, it offered moderate value for money.
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Zenith Live, Azure, Carlsberg Group
Find out what your peers are saying about Cisco Secure Firewall vs. Zscaler Cloud Firewall and other solutions. Updated: July 2025.
861,390 professionals have used our research since 2012.