Cisco Secure Firewall vs Palo Alto Networks NG Firewalls comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Secure Firewall and Palo Alto Networks NG Firewalls based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls Report (Updated: January 2023).
672,411 professionals have used our research since 2012.
Q&A Highlights
Question: Which is the best IPS - Cisco Firepower or Palo Alto?
Answer: Palo Alto's Vulnerability Protection (IPS) has a good rating from NSS Labs and allows the use of Suricata and Snort signatures. The PAN-OS 10 release includes local machine learning that protects against zero-day attacks.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall.""The most valuable feature is the anti-malware protection. It protects the endpoints on my network.""Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."

More Cisco Secure Firewall Pros →

"One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further.""The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.""Most of the features in Palo Alto are very valuable.""I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.""DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.""The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.""The ease of use and the ease of configuration of our policies are the most valuable features.""It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."

More Palo Alto Networks NG Firewalls Pros →

Cons
"Cisco is still catching up with its Firepower Next-Generation firewalls.""We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.""I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me.""The ability to better integrate with other tools would be an improvement.""Maybe the dashboard could be a bit better.""Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things.""The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters.""Cisco is not cheap, however, it is worth investing in these technologies."

More Cisco Secure Firewall Cons →

"There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better.""I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls.""From a documentation standpoint, there is room for improvement. Even Palo Alto says that their documentation is terrible.""In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar.""When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint.""In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive.""When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T""As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • "We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS."
  • "I am happy with the product in general, including the pricing."
  • "Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "It is an expensive solution."
  • "Paul Alto is the most expensive solution in this category."
  • "On the lower end, it's likely to cost $15,000 for renovation and support."
  • "We pay for the licensing annually and the price could be cheaper."
  • "After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
  • "Compared to other solutions, it's very expensive to set up and maintain."
  • "It is expensive."
  • "This solution is quite expensive."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    672,411 professionals have used our research since 2012.
    Answers from the Community
    David Prieto
    Umesh Wadhwa - PeerSpot reviewerUmesh Wadhwa
    Real User

    Pricewise Cisco. But PA has better rating.

    Bingyu Zhang - PeerSpot reviewerBingyu Zhang
    User

    Palo Alto is better.

    Nguyen The  Huy - PeerSpot reviewerNguyen The Huy
    Real User

    In my Oppinion, Palo Alto is better than Cisco. You can refer in NSS Lab 2018 & 2019 DCSG-SVM, NSS-labs-NGIPS-Comparative-Report, and some report from Forester about Zero Trust Architecture, and Gartner SASE report to discus more advantages of Palo Alto in the future 

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firewall is easy to use and provides excellent support. Valuable features include… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most. PA is good at app control, web filtering… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL… more »
    Ranking
    2nd
    out of 48 in Firewalls
    Views
    96,842
    Comparisons
    63,474
    Reviews
    90
    Average Words per Review
    860
    Rating
    8.3
    5th
    out of 48 in Firewalls
    Views
    32,505
    Comparisons
    23,269
    Reviews
    65
    Average Words per Review
    998
    Rating
    8.7
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

      Palo Alto Networks NG Firewalls Features

      Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

      • Secure Application Enablement (App-ID, User-ID, Content-ID)
      • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
      • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
      • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
      • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

      Palo Alto Networks NG Firewalls Benefits

      There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

      • Dedicated management interface for managing and initial configuration of the device
      • Regular threat signatures and updates
      • Import addresses and URL objects from the external server
      • Configure and manage with REST API integration
      • Great throughput and connection speed is fair even in high traffic load
      • Deep visibility into the network activity through Application and Command Control
      • Easy to manage and very user friendly

      Reviews from Real Users

      Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

      A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

      PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

      Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Palo Alto Networks NG Firewalls
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider17%
      Government8%
      Educational Organization5%
      REVIEWERS
      Comms Service Provider19%
      Computer Software Company17%
      Financial Services Firm13%
      Educational Organization9%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider11%
      Government7%
      Financial Services Firm6%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business36%
      Midsize Enterprise27%
      Large Enterprise37%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise17%
      Large Enterprise58%
      Buyer's Guide
      Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls
      January 2023
      Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: January 2023.
      672,411 professionals have used our research since 2012.

      Cisco Secure Firewall is ranked 2nd in Firewalls with 91 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 71 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of Cisco Secure Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Cisco Secure Firewall is most compared with Fortinet FortiGate, Meraki MX, Palo Alto Networks WildFire, pfSense and WatchGuard Firebox, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Fortinet FortiGate, Meraki MX and Sophos UTM. See our Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.