Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Sangfor NGAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 13, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
381
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
6th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
428
Ranking in other categories
Cisco Security Portfolio (3rd)
Sangfor NGAF
Ranking in Firewalls
19th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
34
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.2%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 6.2%, up from 5.5% compared to the previous year. The mindshare of Sangfor NGAF is 1.3%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Vasu Gala - PeerSpot reviewer
A stable solution with an intuitive interface and quick customer service
I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.
Phil Shiflett - PeerSpot reviewer
Unified policies streamline network management but complex licensing requires attention
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities. Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time. For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
Zaid Farooqui - PeerSpot reviewer
Enhanced threat detection with integrated security features and good support
We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"Fortinet FortiGate is considered the best in the European market for security reasons."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"The features that prevent internet connections, the filtering are the most valuable because we did not have any internet protection before."
"The most valuable feature of FortiGate is FortiView which provides proactive monitoring."
"The product is very stable, easy to troubleshoot, and configure, so it has reduced the time it takes for support."
"Whenever I need something, Fortinet improves and updates the software for me."
"The reporting you receive out of this appliance is excellent. You will not need an external management system."
"It just works for us."
"The features I found most valuable in this solution, are the overall security features."
"Sourcefire has been a great addition. The visibility and control have been nice."
"The most valuable feature is the access control list (ACL)."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"A good intrusion prevention system and filtering."
"The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great."
"I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward."
"The most valuable features are the WAN optimization, the internet access gateway (IAG), and the central console, which allows us to implement on their firewall."
"In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."
"In our hospital, Sangfor NGAF works well for us in terms of ensuring confidentiality and availability, which are crucial in the healthcare industry."
"The most valuable feature of Sangfor NGAF is its integration."
"Particularly good in the DPI where we can inspect inbound and outbound traffic."
"Sangfor NGAF works accordingly with our customers. The solution has good performance, easy to use, and integrates well with the endpoints."
"The level of support provided to local companies is good. They transform their application control and other settings according to that country."
"The tool's performance is good."
 

Cons

"The platform's interface could improve."
"Performance on the box and technical support are areas where Fortinet FortiGate can be improved."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"You do need some IT knowledge in order to effectively work with the solution."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."
"Technical support for this solution can be improved."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"I would like the ability to drill down into certain reports because currently, that cannot be done."
"The stability and the product features have to really be worked on."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."
"We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"Report generation is an area that should be improved."
"I would like to see them update the GUI so that it doesn't look like it was made in 1995."
"The solution should be able to work in a hybrid setup."
"It does not offer any recommendations on how to mitigate or control attacks."
"They need to improve their research team and they need to study their data to analyze it and build the product."
"The reporting and log management could be improved."
"Our experience with its customer support was quite challenging."
"The product must provide more IPS features."
"An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices."
"The firewall system needs gradual improvements because there are more threats and challenges every day."
 

Pricing and Cost Advice

"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."
"The setup cost was good. The Egyptian pound is declining, and upgrading Fortinet FortiGate yearly costs about $2000 USD, which equals one hundred Egyptian pounds. I maintain a business relationship with the vendor and receive support from them."
"The price is fair for what we get with FortiGate."
"By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic."
"Fortinet prices are around $600 for the small 40F model, and for licenses, the simplest option is about $300 for a year. They sell licenses that can last for 1, 2, 3, or 5 years."
"It is too expensive for us. My organization is very small, and we have a total of ten users. We have three internal users and seven external users. The FortiGate 100D series is too expensive for renewing the licenses."
"It's very affordable."
"The licensing scheme of Fortinet is better than Cisco. It is more logical."
"The pricing and licensing structure of the firewall is fair and reasonable."
"We pay about $200 yearly and we have two firewalls."
"The price is fair. It's not the cheapest, but it's not bad."
"It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
"Cisco is considered to be an expensive solution."
"Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution."
"We've gone to all smart licensing, so that works well."
"All our requirements which we need performed by the firewall (e.g. VPN, URL white-listing, or IP based white-listing, etc.) have separate licenses and costs."
"The price is unmatcheable."
"It is one of the cheapest tools in the market."
"For over 2000 users, the cost is around 5000 to 6000 USD. If you want a web application firewall, you have to purchase an additional license for it."
"Sangfor NGAF is a cheaply priced product, especially if I consider the previous product that was used in my company."
"We purchased one year technical support and return to factory support, and we also purchased one-year technical support services. So those were additional."
"Sangfor NGAF price is reasonable and there is an annual license. However, the maintenance cost can be a bit high."
"The pricing is reasonable."
"The price could be more competitive."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Comms Service Provider
8%
Educational Organization
8%
Manufacturing Company
7%
Educational Organization
21%
Computer Software Company
18%
University
7%
Manufacturing Company
6%
Computer Software Company
12%
Manufacturing Company
11%
Financial Services Firm
9%
University
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
What do you like most about Sangfor NGAF?
I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...
What is your experience regarding pricing and costs for Sangfor NGAF?
The licensing cost is quite high compared to other available firewalls in the market.
What needs improvement with Sangfor NGAF?
The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
Sangfor NGAF Firewall Platform
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Find out what your peers are saying about Cisco Secure Firewall vs. Sangfor NGAF and other solutions. Updated: July 2025.
861,803 professionals have used our research since 2012.