Cisco Secure Firewall vs Palo Alto Networks VM-Series comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco Secure Firewall vs. Palo Alto Networks VM-Series Report (Updated: November 2023).
745,341 professionals have used our research since 2012.
Q&A Highlights
Question: Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
Answer: hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE.""Fortinet FortiGate's ease of management is the most valuable feature.""Fortigate's most valuable feature is that it doesn't need a push policy when writing rules.""Fortinet FortiGate is a stable solution.""Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability.""Fortinet FortiGate is easy to use. Anyone can easily maintain it.""The most valuable features of Fortinet FortiGate are the different types of profiling. It has been the most effective for me. The WAF and the antivirus profile are the most effective in network protection.""The most valuable feature of Fortinet FortiGate is URL filtering."

More Fortinet FortiGate Pros →

"Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint.""For our very specific use case, for remote access for VPN, ASAs are very good.""The IP filter configuration for specific political and Static NAT has been most valuable.""I like that Cisco Firepower NGFW Firewall is reliable. Support is also good.""The high-availability features, the VPN and the IPSec, are our top three features.""Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works.""The solution is pretty easy to deploy.""The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview."

More Cisco Secure Firewall Pros →

"It is an easy-to-scale product.""Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.""Palo Alto Networks VM-Series is easy to maintain...From a security point of view, I find Palo Alto Networks VM-Series to be a better product compared to the other solutions in the market.""Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic.""Palo Alto Networks VM-Series's most valuable feature is the visibility of the environment.""The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services.""The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me.""The most valuable feature is the CLI."

More Palo Alto Networks VM-Series Pros →

Cons
"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes.""Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing.""I would like to see better pricing in the next release, as well as a simplification of the installation.""It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified.""Lacks training for new features.""Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved.""FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required.""They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down."

More Fortinet FortiGate Cons →

"Third-party integrations could be improved.""It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage.""We use the FTD management platform for the boxes. The GUI that manages multiple Firepower boxes could be improved so that the user experience is better.""This solution could be more granular and user-friendly.""I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution.""I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available.""There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement.""A feature that would allow me to load balance among multiple ISPs, especially since we have deployed it as a perimeter firewall, would be a great addition."

More Cisco Secure Firewall Cons →

"The utilization monitoring and GUI have room for improvement.""Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even the individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud.""With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part.""The web interface is very slow, and it needs to be faster.""The product could be better in terms of performance than one of its competitors.""We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple.""There are some delays that I have observed when my company communicates with Palo Alto's support engineers.""There could be dynamic DNS features similar to Fortinet in the product."

More Palo Alto Networks VM-Series Cons →

Pricing and Cost Advice
  • "I had to pay for the license for the firewall, but it is guaranteed to have updates. I expect a good service for it. It was about €1000 for a year, and there was no additional cost."
  • "It is more expensive than Sophos. Fortinet is overall more expensive than Sophos. The small range of Fortinet, such as 60F and 80F, is more expensive than the small range of Sophos. Sophos is cheaper. In addition, if you jump from 80F Series to 100F Series, the price doubles."
  • "The license is yearly. We pay for the top end. It's called 360."
  • "Here in Brazil, we're going through difficult economic times and the tax on the dollar is high. All the solutions from minor competitors are growing in the market. The prices have come more competitive."
  • "Licensing for Fortinet FortiGate is on a yearly basis. Pricing for it is a bit high. It could be cheaper."
  • "The licensing scheme of Fortinet is better than Cisco. It is more logical."
  • "The solution requires a license annually, it is not a user license, you can have as many users as your want. I must renew the license regularly per device."
  • "It was probably about $2,500 per firewall. It was all included. It included support, services, threat management software, and 24/7 FortiCare on it. Cisco products are more expensive."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "Pricing for Cisco is expensive. There are additional costs for the licensing part, support, and even the hardware part. The device cost is very high. I would be very happy with an improvement on the price."
  • "The pricing was pretty comparable to other solutions when we purchased it."
  • "Cisco is cheaper than Check Point although it is not as cheap as Fortigate. But with the latest improvements in hardware and speed, the pricing is okay."
  • "The licensing package is good, but the licensing fee should be decreased."
  • "Once you know what the product is, it is not that bad. Yes, it is expensive. When you try to get a license, it is like, "Well, I don't know which one of these I need. And, if I don't buy it now, then I will probably be back later. Now, I have to justify the money." Typically, you end up just buying everything that you don't use most of the time. It is one of those solutions where you get what you pay for. If you don't know what you need, just buy everything. We have additional licenses that we don't use."
  • "The pricing is too high and the licensing is too confusing."
  • "It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this."
  • "I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive."
  • "Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget."
  • "This is not the cheapest firewall but it's not the most expensive of the options on the market."
  • "Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate."
  • "The product's most valuable feature is pricing."
  • "It is an expensive product."
  • "The solution is expensive. I rate its pricing a three out of ten."
  • "I rate Palo Alto Networks VM-Series pricing an eight out of ten."
  • More Palo Alto Networks VM-Series Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    745,341 professionals have used our research since 2012.
    Answers from the Community
    M Mari
    Aws Al-Dabbagh - PeerSpot reviewerAws Al-Dabbagh
    Real User

    I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.


    * Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.


    * it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).


    * I'm not sure this is the case for FTDv, but I don't think that would be different.


    I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.

    Dale Jackaman - PeerSpot reviewerDale Jackaman
    User

    Neither.  


    I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain.  And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Both products are very stable and easily scalable The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud… more »
    Comparisons
    Also Known As
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Overview

    Fortinet FortiGate is an innovative line of firewalls that aim to protect organizations from all types of web-based network threats. They come in a wide variety of product types. Fortinet FortiGate’s solutions are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

    Fortinet FortiGate provides users with next-generation firewall solutions that provide proven protection with unmatched performance across the network, from internal segments to data centers to cloud environments. You can protect every part of your network without exception. Additionally, your protections can be managed from a single central location. This ensures that the task of protecting your network is infinitely easier to accomplish.

    Benefits of Fortinet FortiGate

    Some of the benefits of using Fortinet FortiGate include:

    • The ability to manage your firewalls from a centralized automated control console. Fortinet FortiGate’s FortiManager enables administrators to exercise control of their firewalls in a streamlined manner. Administrators have full visibility and control over their system from a single location. It utilizes automation that collects information in real time, which greatly simplifies and reduces the cost of running various types of workflows. Administrators can free up resources by automating the most basic tasks.
    • The ability to produce uniform, appropriate, and coordinated responses to threats across networks. Fortinet FortiGate’s FortiGuard feature generates system protections in near real time. This allows administrators to address threats to the system with custom-made solutions that can be uniformly enforced.
    • The ability to scale up your security to fit your changing security needs. Fortinet FortiGate’s design allows users to accelerate the transfer of data between users and escalate the number of users that are covered without compromising security of performance. This means that users can grow their networks and continue to collaborate without worrying about the system slowing down or coming under attack.

    Reviews from Real Users

    Fortinet FortiGate’s firewall solutions are cutting edge. They stand out from competitors for a number of reasons. Two major ones are the robustness and power of their firewalls. Fortinet FortiGate’s firewall provides users with many valuable features that allow them to maximize what they can do with the solution. These firewalls enable users to use a single piece of software to accomplish tasks that often require the use of multiple pieces of software.

    PeerSpot user Eric S., a Solutions Engineer and Consultant at a tech-services company, notes the robustness of this solution when he writes, "One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface.”

    PeerSpot user Jim M., a network admin at Penobscot Valley Hospital, notes the power of Fortinet FortiGate’s security software when he writes, "It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall.”

    Cisco Secure Firewall, including Firepower, is a powerful perimeter security solution used for network security, data center protection, advanced malware protection, and site-to-site VPNs. Its most valuable features include NGIPS, application visibility and control, VLAN implementations, intrusion prevention, threat defense, and NAT. 

    The solution has helped organizations discover their environment, improve security, implement dynamic policies, reduce operational costs, and protect against threats from outside and within the data center. Overall, Cisco Secure Firewall is a valuable tool for securing organizations and providing visibility into threats.

    Palo Alto Networks VM-Series is a highly effective advanced threat protection (ATP) solution and firewall that can be hosted on cloud computing technologies designed by many different companies. It decreases the amount of time that it will take administrators to respond to threats. Users that deploy VM-series have 70% less downtime than those who use similar firewalls. Neither protection nor efficiency are concerns when this next-generation firewall is in play.

    Palo Alto Networks VM-Series Benefits

    Some of the ways that organizations can benefit by choosing to deploy Palo Alto Networks VM-Series include:

    • Deployment flexibility. VM-Series can be deployed to protect both public and private cloud environments. This level of flexibility empowers organizations to run the environment or environments that best meet their needs without worrying that they are going to be exposed to digital threats due to the environment that they chose. 
    • Ease of use. In the public cloud, users of Palo Alto Networks VM-Series can automate their deployment and dynamically scale up their environment while experiencing a consistent level of protection. This dynamic scalability means that they also integrate their security into their DevOps workflows so that their security can keep up with their activities and requirements. Users of private cloud environments can set up security policies that can be automated to be provisioned as the need arises. Organizations don’t need to slow down when they deploy VM-Series because it makes the task of defending them so simple that they can set their defenses and forget that they are even there.
    • Detect and stop even the trickiest threats. Users gain a deep level of visibility when they deploy Palo Alto Networks VM-Series. App-ID technology enables organizations to see their network traffic on the application level and spot threats that might be trying to sneak in through vulnerable points in their defenses. It also leverages Palo Alto Networks WildFire and advanced threat protection to block the threats before they can escalate.

    Palo Alto Networks VM-Series Features

    Some of the many features Palo Alto Networks VM-Series offers include:

    • Central management system.  It comes with a central management system that enables users to set up and control their security operations from one location. Users don’t need to search for the tools that they need. This system allows for security consistency and complete control without requiring businesses to spend large periods of time to do so.
    • Blacklisting and whitelisting. Organizations can utilize blacklisting and whitelisting tools to ensure that their network traffic only contains the type of traffic that they want to be present. These tools make it possible for them to set specific web traffic sources as being either undesirable and thus blocked from entering their network or desirable and thus allowed to enter. 
    • Automation feature. The product’s automation feature can automate many critical functions that users would otherwise have to handle manually. Security policy updates are an example of a function that users can automate.

    Reviews from Real Users

    Palo Alto Networks VM-Series is a solution that stands out when compared to other similar solutions. Two major advantages that it offers are its ability to protect users without degrading the efficiency with which their networks perform and its centralized management system. 

    Jason H., the director of information technology at Tavoca Inc, writes, “There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.”

    An information technology manager at a tech services company says, “We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as shows us what attacks are coming in. Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.”

    Offer
    Learn more about Fortinet FortiGate
    Learn more about Cisco Secure Firewall
    Learn more about Palo Alto Networks VM-Series
    Sample Customers
    Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    Warren Rogers Associates
    Top Industries
    REVIEWERS
    Comms Service Provider16%
    Computer Software Company9%
    Financial Services Firm8%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Educational Organization21%
    Computer Software Company15%
    Comms Service Provider8%
    Manufacturing Company5%
    REVIEWERS
    Financial Services Firm15%
    Comms Service Provider12%
    Computer Software Company12%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Educational Organization18%
    Computer Software Company16%
    Comms Service Provider9%
    Government7%
    REVIEWERS
    Computer Software Company18%
    Manufacturing Company18%
    Financial Services Firm14%
    Government14%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government7%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business48%
    Midsize Enterprise23%
    Large Enterprise30%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise32%
    Large Enterprise41%
    REVIEWERS
    Small Business35%
    Midsize Enterprise24%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise28%
    Large Enterprise46%
    REVIEWERS
    Small Business39%
    Midsize Enterprise27%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise14%
    Large Enterprise61%
    Buyer's Guide
    Cisco Secure Firewall vs. Palo Alto Networks VM-Series
    November 2023
    Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2023.
    745,341 professionals have used our research since 2012.

    Cisco Secure Firewall is ranked 4th in Firewalls with 111 reviews while Palo Alto Networks VM-Series is ranked 9th in Firewalls with 13 reviews. Cisco Secure Firewall is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Meraki MX, Palo Alto Networks WildFire, Netgate pfSense and Sophos XG, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and CloudGuard Network Security. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.