Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Sangfor NGAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 13, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
390
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
6th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
428
Ranking in other categories
Cisco Security Portfolio (3rd)
Sangfor NGAF
Ranking in Firewalls
19th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
34
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.2%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 6.2%, up from 5.5% compared to the previous year. The mindshare of Sangfor NGAF is 1.3%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Vasu Gala - PeerSpot reviewer
A stable solution with an intuitive interface and quick customer service
I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.
Phil Shiflett - PeerSpot reviewer
Unified policies streamline network management but complex licensing requires attention
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities. Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time. For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
Zaid Farooqui - PeerSpot reviewer
Enhanced threat detection with integrated security features and good support
We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The technical support is great."
"It is stable and easy to use. There are a lot of good resources available on the web."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The VPN is the most valuable feature."
"Fortinet FortiGate is a scalable solution."
"It is a safe product."
"Fortinet FortiGate has impacted our cost savings and security efficiency positively."
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works."
"The firepower sensors have been great; they do a good job of dropping unwanted traffic."
"The features I appreciate the most about Cisco Secure Firewall are the policies, ACLs, and traffic behavior analytics."
"It provides security for our company and users."
"It is much better than most of the other firewalls that I have worked with."
"What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have."
"What I found the most valuable about Cisco Secure Firewall is that if a client is educated about the solution, it can help him or her avoid many problems and mistakes."
"What I appreciate the most about Cisco Secure Firewall is that it can be very elastic, as it can be configured with all the flexibility of my network needs and complexity."
"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."
"In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."
"The price versus value is good because the solution is less expensive than Sophos, Fortinet, or SonicWall."
"The stability of Sangfor NGAF is good."
"In four steps one can configure the entire firewall."
"You might try Sangfor if you are on a tight budget. The price is affordable, and Sangfor offers a lot of features. We don't have any complaints about Sangfor."
"I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I compare it with Palo Alto and Cisco, both are quite complex products. And if I compare it with FortiGate firewalls from Fortinet, I have also used all these products. Fortinet and Sangfor NGAF are similar products because the applications behind the application and policy layers are almost identical."
"The most valuable feature of Sangfor NGAF is its integration."
 

Cons

"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."
"The renewal cost is much higher than other firewalls. It is not reasonable."
"Pricing for it is a bit high. It could be cheaper."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"Its customer service could be better."
"Fortinet FortiGate should improve the VPN tokens."
"The interface for monitoring could be improved to allow better views to make troubleshooting easier."
"With the new FTD, there is a little bit of a learning curve."
"The phishing emails could be improved."
"I would like to see the inclusion of a protocol that can be used to protect databases."
"My experience with pricing, setup costs, and licensing was a nightmare. It is indeed challenging as Cisco has too many variations of support with no clear explanation of what you are actually getting."
"The upgrading process of Cisco Secure Firewall is a long process on a per-firewall basis, and it would be nice if that could be improved. One firewall can take two to two and a half hours to upgrade, so we end up having to watch it."
"Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"There is room for improvement in dependency on certain infrastructure, like the DNS dependency on the current DNS server that the company has. It should be standalone. It should not depend on any other DNS server."
"The support offered by the product has certain shortcomings where improvements are required. The knowledge levels and response time of the support team need improvement."
"Sangfor NGAF could improve the policies and default criteria. They could be much better."
"The tool's support is an area of concern where improvements are required."
"The web interface needs to be improved, making it more user-friendly."
"Lacks consistency in terms of filtering certain websites and applications."
"The solution has too many bugs and these slow down the implementation."
"Sangfor NGAF could improve by refining its application control policies, especially in addressing challenges with certain types of applications."
 

Pricing and Cost Advice

"Fortinet bundles FortiGate with other products and because of this, the price is a little expensive to some SMB enterprises."
"The price of Fortinet FortiGate when compared to other solutions is high. However, my knowledge of the price is from third parties and I am not sure how accurate it is. I typically work in the technical area of my organization."
"While Fortinet FortiGate has a higher price point compared to Sophos XG, its user-friendly interface justifies the cost."
"The price, in comparison to other products is very cheap."
"The pricing of the solution is very competitive."
"It scales well if you know what to buy from a physical box standpoint. They seem to offer something for every level."
"Fortinet is the least expensive solution."
"It is an inexpensive solution."
"We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months."
"Cost-wise, it's in the same range as its competitors. It's likely cheaper than Palo Alto. Cisco is affordable for a large organization of 500 to 1,000 users and above. You need a Cisco sales partner or engineer to explain to you the licensing aspects."
"The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology."
"We have a perpetual license for all of our firewalls. For some of the features, we purchase them on demand. The pricing is decent but it could always be cheaper, we would be happier."
"The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription."
"The licensing is not good, it's confusing. I'm an engineer so I don't care about the actual price that much but the licensing part is confusing."
"We pay about $200 yearly and we have two firewalls."
"It's pretty competitive. If they could make it cheaper, it would be great. You always want cheaper, but relative to the performance capabilities of the firewall and relative to what you get, it's fair. It's not the cheapest in the world, but you get an excellent product for that price."
"The solution has a TCO that is 32% to 50% less than Sophos, Fortinet, and SonicWall."
"When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."
"The price falls in the mid-range, neither exceptionally low nor high."
"The product is very cost-effective compared to other brands or vendors."
"Sangfor NGAF is a cheaply priced product, especially if I consider the previous product that was used in my company."
"We purchased one year technical support and return to factory support, and we also purchased one-year technical support services. So those were additional."
"The price could be more competitive."
"Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not as expensive as something like Palo Alto, which is costly. However, the higher price point is justifiable given the feature set the tool provides that other firewalls may not offer in a single dedicated appliance."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Comms Service Provider
8%
Manufacturing Company
7%
Educational Organization
7%
Computer Software Company
20%
Educational Organization
14%
University
7%
Manufacturing Company
7%
Computer Software Company
12%
Manufacturing Company
11%
Financial Services Firm
9%
University
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
What do you like most about Sangfor NGAF?
I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...
What is your experience regarding pricing and costs for Sangfor NGAF?
The licensing cost is quite high compared to other available firewalls in the market.
What needs improvement with Sangfor NGAF?
The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
Sangfor NGAF Firewall Platform
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Find out what your peers are saying about Cisco Secure Firewall vs. Sangfor NGAF and other solutions. Updated: July 2025.
862,514 professionals have used our research since 2012.