Cisco Secure Firewall vs Palo Alto Networks VM-Series comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Cisco Secure Firewall vs. Palo Alto Networks VM-Series Report (Updated: November 2022).
657,849 professionals have used our research since 2012.
Q&A Highlights
Question: Which product do you recommend and why: Palo Alto Networks VM-Series vs Cisco Firepower Threat Defense Virtual (FTDv)?
Answer: hello. Capability is on par between the two vendors. Your best bet is to think about integration and how the FW will work with other tools/processes in your environment. Thanks
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Cisco ASA works very nicely from an administration perspective. The management of the device is very nice. The ASDM (Adaptive Security Device Manager) is the software that we use and it is very easy to configure using the GUI.""The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""The clusters in data centers are great.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""They are easy to maintain.""Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support.""It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon."

More Cisco Secure Firewall Pros →

"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM.""The most valuable feature is the CLI.""Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. ""Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.""Palo Alto Networks VM-Series is very easy to use.""The initial setup was straightforward.""With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly."

More Palo Alto Networks VM-Series Pros →

Cons
"One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes.""We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""Setting firewall network rules should be more straightforward with a clearer graphical representation. The rule-setting method seems old-fashioned. The firewall and network rules are separate from the Firepower and web access rules.""It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure. It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures.""They should work on making it a little more intuitive for users and not quite as complex. Still, it's a good product.""If the implementation was easier, it would be a lot better for us.""Maybe the dashboard could be a bit better."

More Cisco Secure Firewall Cons →

"It'll help if Palo Alto Networks provided better documentation.""We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple.""The implementation should be simplified.""Integrative capabilities with other solutions should be addressed.""At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it.""The web interface is very slow, and it needs to be faster.""It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait."

More Palo Alto Networks VM-Series Cons →

Pricing and Cost Advice
  • "They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range."
  • "We're using the smart license for this firewall. The models that we have require licensing for remote access."
  • "There are licensing costs."
  • "I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
  • "The price is fair. It's not the cheapest, but it's not bad."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The product is very expensive."
  • "This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
  • "Because I work for a university and the URL is for the institution, it's a free license for us."
  • "It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
  • "The VM series is licensed annually."
  • "Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive."
  • "Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget."
  • "This is not the cheapest firewall but it's not the most expensive of the options on the market."
  • More Palo Alto Networks VM-Series Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    657,849 professionals have used our research since 2012.
    Answers from the Community
    M Mari
    Aws Al-Dabbagh - PeerSpot reviewerAws Al-Dabbagh
    Real User

    I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.


    * Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.


    * it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).


    * I'm not sure this is the case for FTDv, but I don't think that would be different.


    I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.

    Dale Jackaman - PeerSpot reviewerDale Jackaman
    User

    Neither.  


    I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain.  And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fortigate is very stable, reliable, and consistent. We like that we can manage the… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most. PA is good at app control, web filtering… more »
    Top Answer:Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the overall cost is reasonable. Azure Firewall offers a solid threat awareness, can… more »
    Ranking
    2nd
    out of 48 in Firewalls
    Views
    99,561
    Comparisons
    66,518
    Reviews
    117
    Average Words per Review
    751
    Rating
    8.3
    18th
    out of 48 in Firewalls
    Views
    11,160
    Comparisons
    7,601
    Reviews
    6
    Average Words per Review
    726
    Rating
    8.8
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

      The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

      In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Palo Alto Networks VM-Series
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Warren Rogers Associates
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Comms Service Provider20%
      Computer Software Company19%
      Government7%
      Educational Organization5%
      REVIEWERS
      Financial Services Firm19%
      Computer Software Company13%
      Government13%
      Manufacturing Company13%
      VISITORS READING REVIEWS
      Computer Software Company22%
      Comms Service Provider11%
      Financial Services Firm8%
      Government6%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise24%
      Large Enterprise41%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise19%
      Large Enterprise53%
      REVIEWERS
      Small Business40%
      Midsize Enterprise29%
      Large Enterprise31%
      VISITORS READING REVIEWS
      Small Business22%
      Midsize Enterprise15%
      Large Enterprise63%
      Buyer's Guide
      Cisco Secure Firewall vs. Palo Alto Networks VM-Series
      November 2022
      Find out what your peers are saying about Cisco Secure Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2022.
      657,849 professionals have used our research since 2012.

      Cisco Secure Firewall is ranked 2nd in Firewalls with 122 reviews while Palo Alto Networks VM-Series is ranked 18th in Firewalls with 7 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.8. The top reviewer of Cisco Secure Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "User-friendly interface, easy to monitor, and has a single pane of glass for reporting". Cisco Secure Firewall is most compared with Fortinet FortiGate, Meraki MX, Palo Alto Networks WildFire and pfSense, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Palo Alto Networks NG Firewalls, Fortinet FortiGate, Juniper SRX and Fortinet FortiGate-VM. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.