Coming October 25: PeerSpot Awards will be announced! Learn more

Cisco Firepower NGFW Firewall vs Zscaler Internet Access comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Firepower NGFW Firewall and Zscaler Internet Access based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Cisco Firepower NGFW Firewall vs. Zscaler Internet Access report (Updated: July 2019).
632,611 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like that Cisco Firepower NGFW Firewall is reliable. Support is also good.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""If configured, Firepower provides us with application visibility and control.""There are no issues that we are aware of. It does its job silently in the background.""The content filtering is good.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""The most valuable feature is the access control list (ACL)."

More Cisco Firepower NGFW Firewall Pros →

"The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go.""The most valuable features of Zscaler Internet Access are it's on the cloud, high network performance, and the interception of users is very easy.""The VPN is valuable, as the whole technology is very different from a traditional VPN.""Zscaler covers all the features needed to replace a VPN or proxy solution. They are good. They've been on the market for 15 years now, so they are mature enough.""Zscaler Internet Access's roaming user feature is most valuable and is much better compared to other secure web gateways.""The protection is most valuable.""The security is excellent.""Overall, we're very happy with our product."

More Zscaler Internet Access Pros →

Cons
"Deploying configurations takes longer than it should.""Implementations require the use of a console. It would help if the console was embedded.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.""I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies.""Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."

More Cisco Firepower NGFW Firewall Cons →

"I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again.""Zscaler Internet Access's troubleshooting is very limited, and their textbook logs need to be more informative.""I would like to see more training and video documentation.""They block Zscaler IPs when the traffic origin is from Zscaler IPs. They've been blocked by certain government organizations so the end users are not able to visit those websites unless we ask them to unblock those IP. This is a bit problematic.""One thing that they could improve is the ability to import rules from other platforms.""The solution can be improved by advancing some of the newer technologies such as the DLP feature, and adding email security.""Zscaler needs to add client-to-client communication. It's always client-to-server communication. The cloud and branch connectors could be improved because we're still dependent on traditional firewalls. They should eliminate this. They should also provide WAN devices should to compete with the SD-WAN solutions also.""The price of the solution could be improved."

More Zscaler Internet Access Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "The pricing is fair based on its competitive market."
  • "The price is competitive. It's not cheap and it's not expensive."
  • "The pricing for Zscaler Internet Access could be made cheaper."
  • "The price of Zscaler Internet Access should improve, it is expensive."
  • "We have found the solution to be expensive."
  • "Licenses are available on a per-host basis. Some features like sandboxing require an additional fee, but most standard features are included in the license."
  • "We pay around 6,500 INR per user per year, which is very expensive. I would rate Zscaler's pricing one out of five."
  • "Because it's a cloud solution, we pay on a yearly basis. It is affordable and includes tech support and all features."
  • More Zscaler Internet Access Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    632,611 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers that fact, it is all the more impressive that the setup is a fairly… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Top Answer: Cisco Umbrella and Zscaler Internet Access are two broad-spectrum Internet security solutions that I have tried. Zscaler Internet Access is a good option for carrying out multiple security… more »
    Top Answer:We researched Netskope but ultimately chose Zscaler. Netskope is a cloud access security broker that helps identify and manage cloud applications, protecting your sensitive data from exfiltration.… more »
    Top Answer:The solution replaces multiple vendor technologies with one which makes it worth the cost.
    Ranking
    7th
    out of 48 in Firewalls
    Views
    46,314
    Comparisons
    30,118
    Reviews
    47
    Average Words per Review
    957
    Rating
    8.1
    Views
    36,582
    Comparisons
    28,926
    Reviews
    17
    Average Words per Review
    644
    Rating
    8.5
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    ZIA
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    Zscaler Internet Access is a cloud-native security service edge (SSE) platform. Its main purpose is to provide AI-powered protection for all users, all applications, and all locations. The solution replaces other legacy network security solutions to stop advanced attacks and prevent data loss by using a comprehensive zero trust approach.

    Zscaler Internet Access Features

    Zscaler Internet Access has many valuable key features. Some of the most useful ones include:

    • Proxy (native SSL)
    • IPS and advanced protection
    • Cloud sandbox
    • DNS security
    • Cloud firewall
    • URL filtering
    • Bandwidth control
    • DNS filtering
    • Cloud DLP w/EDM and IDM
    • Cloud access security broker (CASB)
    • Cloud security posture management (CSPM)
    • CloudBrowser isolation
    • Cloud secure web gateway (SWG)
    • Zero trust network access (ZTNA)
    • Digital experience monitoring

    Zscaler Internet Access Benefits

    There are several benefits to implementing Zscaler Internet Access. Some of the biggest advantages the solution offers include:

    • Fast access with zero infrastructure: Zscaler Internet Access creates a fast, seamless user experience because of its direct-to-cloud architecture. With no infrastructure, Zscaler Internet Access helps you eliminate backhauling, which improves performance and simplifies network administration.
    • Threat intelligence: By using threat intelligence, Zscaler Internet Access can stop ransomware, zero-day malware, and advanced attacks via Inline inspection of all internet traffic, including SSL decryption, and a suite of AI-powered cloud security services. 
    • Consistent security: With Zscaler Internet Access, your security policy goes everywhere your users go. When you move security to the cloud, all users, applications, devices, and locations remain protected and secure based on identity and context.
    • Hybrid workforce: Zscaler Internet Access enables secure access to all external and internal apps from anywhere, so remote work is not an issue. You can also enforce business policies that follow the user, making security identical regardless of location.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Zscaler Internet Access users.

    A Service Manager at a construction company says, "There are a bunch of different capabilities that are valuable within the platform. We use quite a lot of them, but not everything. The ones that are most important to us are the URL Filtering and the application control. For our needs, the cloud-native proxy architecture is a very good solution. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway."

    Owen N., Security Architect at Claro Enterprise Solutions, explains that the solution’s most valuable features include “The integration of the gateway that inspects all ports and protocols. So, there is threat prevention; The cloud sandbox; VNS security; Access control that will protect URL filtering and the cloud firewall; Data protection that will protect your gateway, like your CASB or your cloud DLP; The capabilities of this will point your traffic to Zscaler Cloud.”

    An Architecture Senior Manager at an insurance company mentions, "The data loss prevention feature is the most valuable. It stops our users from inadvertently leaking our customers' data to the Internet or anywhere else it shouldn't go." He also adds, “The solution provides quick access to cloud services, securing our data and allowing us to inspect all our traffic.”

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Zscaler Internet Access
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Ulster-Greene ARC, BanRegio, HDFC, Ralcorp Holdings Inc., British American Tobacco, Med America Billing Services Inc., Lanco Group, Aquafil, Telefonica, Swisscom, Brigade Group
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Computer Software Company6%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider18%
    Government8%
    Educational Organization5%
    REVIEWERS
    Comms Service Provider25%
    Computer Software Company15%
    Pharma/Biotech Company10%
    Financial Services Firm10%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Comms Service Provider16%
    Financial Services Firm9%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise26%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise19%
    Large Enterprise53%
    REVIEWERS
    Small Business33%
    Midsize Enterprise8%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise66%
    Buyer's Guide
    Cisco Firepower NGFW Firewall vs. Zscaler Internet Access
    July 2019
    Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. Zscaler Internet Access and other solutions. Updated: July 2019.
    632,611 professionals have used our research since 2012.

    Cisco Firepower NGFW Firewall is ranked 7th in Firewalls with 52 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 21 reviews. Cisco Firepower NGFW Firewall is rated 8.2, while Zscaler Internet Access is rated 8.6. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Zscaler Internet Access writes " AI decision-making on quarantined documents reduces manual work". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Meraki MX and Palo Alto Networks WildFire, whereas Zscaler Internet Access is most compared with Cisco Umbrella, Netskope CASB, Microsoft Defender for Cloud Apps, Forcepoint Secure Web Gateway and Palo Alto Networks WildFire. See our Cisco Firepower NGFW Firewall vs. Zscaler Internet Access report.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.