Cisco Secure Firewall vs Sangfor NGAF comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Fortinet FortiGate
Ranking in Firewalls
Average Rating
Number of Reviews
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (2nd), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
Average Rating
Number of Reviews
Ranking in other categories
Cisco Security Portfolio (4th)
Sangfor NGAF
Ranking in Firewalls
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories

Mindshare comparison

As of June 2024, in the Firewalls category, the mindshare of Fortinet FortiGate is 22.6%, up from 20.2% compared to the previous year. The mindshare of Cisco Secure Firewall is 6.3%, up from 6.3% compared to the previous year. The mindshare of Sangfor NGAF is 2.0%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Unique Categories:
Software Defined WAN (SD-WAN) Solutions
WAN Edge
Cisco Security Portfolio
No other categories found

Featured Reviews

Nov 16, 2023
Reduces our remediation time and our operational expenses
The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security. FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance. We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms. Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices. The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTT monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls. FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry. In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure. FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value. Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly. FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass. FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation. Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.
Feb 21, 2023
Scales well, has good documentation, and helps with secure access
One con of Cisco Secure Firewalls is that Java is used a lot for the older generation of these firewalls. Java is used for the ASA and the ASDM tool for administration. It's an outdated way of administering, and it's also a security risk to use this kind of solution. This is a pro of Firepower or the newer generation of firewalls because they are using HTML for administration. In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless. It should be bundled together in one solution.
DilawerAli - PeerSpot reviewer
Aug 23, 2023
Stable performance and valuable features include VPN connectivity, SSL VPN, and URL filtering
It is primarily used for providing secure Internet connectivity to devices, to endpoints, and to provide secure VPN connectivity to the network for remote users. That's the primary usage right now The VPN connectivity feature is really nice. The SSL VPN feature is really nice, and the URL…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"Their reliability and their policy of pre-shipping replacements when a unit has failed."
"It can expand easily."
"The features that prevent internet connections, the filtering are the most valuable because we did not have any internet protection before."
"Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible."
"Anti-Spam web content filterinG."
"The inspection and web security features are most valuable."
"The SD-WAN is the most valuable feature."
"The network security and cloud security are most valuable."
"I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
"The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall."
"The feature I find most valuable is the Cisco VPN Interconnection."
"It is scalable and stable."
"VPN load balancing has been particularly essential for my connections to integrate via multiple time zones."
"ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall."
"We have been using a 5520 for seven years in our datacenter and we are satisfied by this version."
"The IPS (In-plane switching) is the most valuable feature."
"You might try Sangfor if you are on a tight budget. The price is affordable, and Sangfor offers a lot of features. We don't have any complaints about Sangfor."
"The most valuable features are the WAN optimization, the internet access gateway (IAG), and the central console, which allows us to implement on their firewall."
"It is a stable solution."
"Particularly good in the DPI where we can inspect inbound and outbound traffic."
"SSL VPN is the best feature."
"Sangfor NGAF works accordingly with our customers. The solution has good performance, easy to use, and integrates well with the endpoints."
"Sangfor NGAF specializes in ransomware detection and helps to protect our network from ransomware threats and malware."
"So far, the performance and reliability of the product have supported our company's critical network traffic."


"We have an issue with hotel guest vouchers."
"The scalability could be better."
"I feel that the reporting needs to be improved."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"Its reporting can be improved. Sometimes, I don't get proper reports."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"The solution lacks sufficient filtering."
"The initial setup and configuration are not intuitive and require training."
"We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach."
"The usability of Cisco Firepower Threat Defense is an issue. The product is still under development, and the user interface is very difficult to deal with."
"Cisco is still catching up with its Firepower Next-Generation firewalls."
"They should improve their interface."
"Deploying configurations takes longer than it should."
"I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved."
"The product crashes. We have a cluster of firewalls and we regularly get failovers."
"In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless."
"An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices."
"Sangfor could improve by providing better real-time reporting, as the current reports don't offer the level of detail we need, especially for runtime insights."
"They need to increase the number of ports in the firewall."
"The GUI needs to be improved, lacks logic in some areas."
"The reporting and log management could be improved."
"An area of improvement for Sangfor NGAF could be in the field of reporting and logging."
"The tool is expensive."
"I would be happy if Sangfor developed a firewall designed specifically for home use, as well as for small businesses such as clinics and so on. A household version of the Sangfor firewall for your personal computer or laptop would be ideal, in my opinion."

Pricing and Cost Advice

"The price is high compared to some of the other solutions."
"It's expensive, but compared to the competition it's okay."
"There is a subscription-based model to use Fortinet FortiGate. We pay annually for the solution along with the support. If you want to have all the updates, and security patches you will need to renew your support."
"It is quite affordable for our customers. There is a separate cost for IPS, antivirus, web filtering, and other features. They have a great choice of licenses. You can go for the license that you want, which is quite useful."
"The price is really low. It's cheap in comparison to the cost of Cisco or CheckPoint, for example."
"The pricing depends on the FortiGate model we are using, ranging from $3,000 to $20,000 US dollars."
"It is a good product from a price perspective versus functionality."
"Other firewalls are more expensive than Fortinet FortiGate, such as the Azure firewall."
"Cisco ASA Firewall should be cheaper."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"We pay a lot of money for it."
"The cost of this solution is high."
"If we compare it with FortiGate and the co-existing ASA, FortiGate is better in price."
"I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
"The solution was chosen because of its price compared to other similar solutions."
"It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco."
"The product is very cost-effective compared to other brands or vendors."
"When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."
"It is one of the cheapest tools in the market."
"For four to five physical appliances for a licensed firewall, it costs approximately $4,000."
"The license of Sangfor NGAF can be purchased at different interval lengths, such as annually or three years. They offer a range of packages to choose from, such as combo or hybrid packages. We are using the complete solution package which includes IM, NGF and SSL VPN, and WAF."
"Sangfor NGAF is a cheaply priced product, especially if I consider the previous product that was used in my company."
"For over 2000 users, the cost is around 5000 to 6000 USD. If you want a web application firewall, you have to purchase an additional license for it."
"We purchased one year technical support and return to factory support, and we also purchased one-year technical support services. So those were additional."
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
787,779 professionals have used our research since 2012.

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…

Top Industries

By visitors reading reviews
Educational Organization
Computer Software Company
Comms Service Provider
Manufacturing Company
Educational Organization
Computer Software Company
Comms Service Provider
Computer Software Company
Manufacturing Company
Comms Service Provider
Financial Services Firm

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
What do you like most about Sangfor NGAF?
I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...
What is your experience regarding pricing and costs for Sangfor NGAF?
Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not...

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
Sangfor NGAF Firewall Platform



Sample Customers

1. Amazon Web Services 2. Microsoft 3. IBM 4. Cisco 5. Dell 6. HP 7. Oracle 8. Verizon 9. AT&T 10. T-Mobile 11. Sprint 12. Vodafone 13. Orange 14. BT Group 15. Telstra 16. Deutsche Telekom 17. Comcast 18. Time Warner Cable 19. CenturyLink 20. NTT Communications 21. Tata Communications 22. SoftBank 23. China Mobile 24. Singtel 25. Telus 26. Rogers Communications 27. Bell Canada 28. Telkom Indonesia 29. Telkom South Africa 30. Telmex 31. Telia Company 32. Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Find out what your peers are saying about Cisco Secure Firewall vs. Sangfor NGAF and other solutions. Updated: May 2024.
787,779 professionals have used our research since 2012.