We performed a comparison between Cisco Secure Firewall and Palo Alto Networks NG Firewalls based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"The most valuable feature is the anti-malware protection. It protects the endpoints on my network."
"Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
"One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further."
"The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us."
"Most of the features in Palo Alto are very valuable."
"I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features."
"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
"The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks."
"The ease of use and the ease of configuration of our policies are the most valuable features."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"Cisco is still catching up with its Firepower Next-Generation firewalls."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
"The ability to better integrate with other tools would be an improvement."
"Maybe the dashboard could be a bit better."
"Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things."
"The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters."
"Cisco is not cheap, however, it is worth investing in these technologies."
"There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."
"I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls."
"From a documentation standpoint, there is room for improvement. Even Palo Alto says that their documentation is terrible."
"In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar."
"When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint."
"In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive."
"When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T"
"As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Cisco Secure Firewall is ranked 2nd in Firewalls with 91 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 71 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of Cisco Secure Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Cisco Secure Firewall is most compared with Fortinet FortiGate, Meraki MX, Palo Alto Networks WildFire, pfSense and WatchGuard Firebox, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Fortinet FortiGate, Meraki MX and Sophos UTM. See our Cisco Secure Firewall vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Pricewise Cisco. But PA has better rating.
Palo Alto is better.
In my Oppinion, Palo Alto is better than Cisco. You can refer in NSS Lab 2018 & 2019 DCSG-SVM, NSS-labs-NGIPS-Comparative-Report, and some report from Forester about Zero Trust Architecture, and Gartner SASE report to discus more advantages of Palo Alto in the future