We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"The most valuable features of Fortinet FortiGate are the ease of use and the UI. It has always provided me with what I needed. I have no need for additional costs that other solutions have, such as Sophos."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"FortiGate improved our security. It's one of the best hardware firewalls."
"FortiGate has a very strong unified threat management system."
"The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration."
"The greatest benefit that this has provided to our organization is that we've been able to adjust the time that it takes to implement firewall changes. It's gone from a week to less than half a day to implement a change, which means that our DevOps team can be much more agile, and there is much less overhead on the firewall team."
"It integrates with various Cisco security portfolios and products, and there is an easy and seamless integration for building a complete security framework for our customers."
"We definitely feel more secure. We have more control over things going in and out of our network."
"Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network."
"The management aspect of the product is very straightforward."
"All the features except IPS are valuable. IPS is not a part of my job."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"We feel that we can trust the security, and our assets and business are well protected. We need to have trust in it, but we also see that it works. We have a security company that has tested that it works."
"The GUI is easy to understand."
"The product’s documentation is good."
"Sophos Intercept X is scalable. Currently, we have almost 30 people using it in our company."
"What I like about pfSense is that it works well and runs on an inexpensive appliance."
"The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is. Did you forget a printer port? Most attacks at the moment are happening through printers, and they can tell you immediately that you forgot to close the port of the printer. There are more than one million printers that are in danger, and everybody knows that hackers are using them to enter the network. So, you can download plugins to protect your network."
"The initial setup was simple and fast."
"I like pfSense's reports and how I can control access to the policies on the firewall."
"Some of the terminologies were more familiar to me than it was when I first encountered Cisco."
"The cloud features and integration could be improved."
"Bandwidth usage in reporting could be improved for Fortinet FortiGate."
"Lacks training for new features."
"The support we receive when we need to upgrade is not satisfactory and has room for improvement."
"We would like to have the ability to disable some of the security functionalities."
"Fortinet FortiGate could improve the user interface. There should be more functionality and options through the GUI."
"Fortinet FortiGate could improve by having more storage in the hardware for log data."
"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."
"The process of procuring modern-day technology within the DOD needs to improve."
"The integration between different tools could be improved. For example, with SecureX, I am yet to find out how to forward security events to different tools such as Microsoft Sentinel, which is what we use for log detection."
"The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working."
"It would be nice if you didn't have to configure using a command-line interface. It's a bit technical that way."
"I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind."
"While this applies to all vendors, pricing can be always lower. In my opinion, Cisco is the most expensive. The pricing can be reduced."
"Other products are becoming easier to access and configure. They are providing UI interfaces to configure, take backup, synchronize redundant machines, and so on. It is very easy to take backup and upgrade the images in those products. Cisco ASA should have such features. If one redundant machine is getting upgraded, the technology and support should be there to upgrade other redundant machines. In a single window, we should be able to do more in terms of backups, restores, and upgrades."
"The maturity needs to be better."
"It was difficult to configure our web printer through the solution. This process could be easier. Additionally, integration with SD-WAN solution."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner."
"It's just not listed as FIPS compliant for where we're at now in government, which is an issue."
"Ultimately, we'd like something stronger, and something that can handle threats better in real-time."
"The solution’s interface must be improved."
"The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
Cisco Secure Firewall is ranked 3rd in Firewalls with 118 reviews while Netgate pfSense is ranked 2nd in Firewalls with 22 reviews. Cisco Secure Firewall is rated 8.4, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Netgate pfSense writes "Feature-rich, well documented, and there is good support available online". Cisco Secure Firewall is most compared with Meraki MX, Palo Alto Networks WildFire, Juniper SRX Series Firewall, Sophos XG and Check Point NGFW, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Untangle NG Firewall, Sophos UTM and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.