Try our new research platform with insights from 80,000+ expert users

Cisco Secure Firewall vs Zscaler Cloud Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
373
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Cisco Secure Firewall
Ranking in Firewalls
6th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
428
Ranking in other categories
Cisco Security Portfolio (3rd)
Zscaler Cloud Firewall
Ranking in Firewalls
25th
Average Rating
8.2
Reviews Sentiment
8.0
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.2%, up from 17.7% compared to the previous year. The mindshare of Cisco Secure Firewall is 6.2%, up from 5.5% compared to the previous year. The mindshare of Zscaler Cloud Firewall is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

Vasu Gala - PeerSpot reviewer
A stable solution with an intuitive interface and quick customer service
I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.
Phil Shiflett - PeerSpot reviewer
Unified policies streamline network management but complex licensing requires attention
Cisco Secure Firewall has some growth opportunities in terms of visibility and control capabilities regarding managing encrypted traffic. It has the ability to analyze encrypted traffic, and there is potential for more integration with APIs and AI to enhance these capabilities. Cisco Secure Firewall needs improvement in deployment time and the capability to access the CLI during support calls. I often encounter issues when technical support uses a CLI that is not familiar to me while troubleshooting through the GUI. My ongoing complaint for the last six years has been the lack of CLI functionality, which hinders my ability to work on the firewall, alongside concerns regarding deployment time. For the next release, they should look at the features offered by competitors such as Fortinet, including the ability to perform packet capture directly from the interface. If they enhanced their troubleshooting efficiency related to packet capture for each specific rule, it would simplify the process significantly.
Bhaskar Rao - PeerSpot reviewer
Though it helps deal with web traffic or any malicious traffic, it needs to work on its DC performance issues
The product's initial setup phase is moderate in level, so it is neither very complex nor very easy. For the deployment, my company first needs to gather all the requirements of the users and the domain names and consider how many users there are in the company. In the implementation and planning part, my company needs to consider what kind of policies we will create while ensuring that the policies are created based on the requirements of the users. There is a need to segregate the users' requirements since there are separate departments in the company, like the HR department, sales department, IT department, and manufacturing department, so that our company can create policies depending on their requirements. On-site, if you want a GRE tunnel, our company can handle GRE tunnel traffic routing and Zscaler Cloud Firewall, after which Zscaler will take action based on the policies created by our organization. For the deployments and maintenance, a team of five members consisting of two managers and three engineers is required.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its usability is good. We can easily navigate the system, and we have a very good user experience."
"The multi-tenancy feature is most valuable. It integrates very well with FortiManager and FortiAnalyzer."
"FortiOS is quite good in my experience with Fortinet FortiGate, and it works very effectively and is stable for companies. The customers have given feedback that FortiOS has been very stable for a long time."
"Good performance, stability, and virtual domain ability."
"Unified Threat Management (UTM) features."
"It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything."
"Good anti-malware and web filtering features."
"This is a quality product with ok support, and it is better than the competition we've tried."
"ASA is stable and with a low level of work required on the maintenance side."
"This solution has good security, and it's a good product. You can trust Cisco, and there's support as well, which is really good."
"Its ability to work with the traffic.​"
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"The most valuable features for my client are the ASDM and monitoring."
"The stability is good. Very simple. Upgrades are great."
"For companies prioritizing security, the optimal choice is one that offers a range of feeds to cater to diverse needs. This is particularly crucial for organizations implementing DDoS mitigation. The preferred solutions typically align with the top server vendors, with Cisco, Forti, and Barracuda consistently ranking among the top three vendors we collaborate with."
"Zscaler Cloud Firewall understands the applications in the current generation and adapts to the present generation cloud applications."
"It is a stable solution."
"If malicious traffic attacks our on-premises servers, then it gets blocked by Zscaler Cloud Firewall."
"It provides in-depth visibility into your network, ensuring that traffic flowing into your organization, be it from offices or individual users, is effectively filtered and secured through multiple layers of protection."
"Most of the features that Zscaler has to offer, we will deploy."
"The solution offers good sandboxing."
"Zscaler is still a very good product."
"The visibility and log availability offered are highly valued for troubleshooting purposes, and this is a key factor driving customer interest in the firewall module."
 

Cons

"The initial setup is complex."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"The Wi-Fi controller needs a lot of improvement."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"Fortinet FortiGate could be improved in terms of user friendliness at the policy level and assigning URL based and keyword based features."
"The WAF is extremely limited."
"I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."
"Web security solutions can be improved."
"An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."
"Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance."
"We have encountered problems when implementing new signatures and new versions on our firewall. Sometimes, there is a short outage of our services, and we have not been able to understand what's going on. This is an area for improvement, and it would be good to have a way to monitor and understand why there is an outage."
"Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower."
"I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies."
"One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."
"The price and SD-WAN capabilities are the areas that need improvement."
"The initial setup could be simplified, as it can be complex for new users."
"Instead of the standard license, they should certainly provide customers with the visibility to access and view the logs."
"Apart from the issues associated with the product in areas like the DC performance issues and DC failover, Zscaler Cloud Firewall's IP should not have a proxy IP."
"I don't have the visibility of a control dashboard or a network management system."
"The issue right now is probably that Zscaler is not providing web browser isolation. Another solution, Menlo, offers this. For one customer, we had to send traffic to Menlo to do the isolation for us. It was requested by the customer so that they could integrate any iframe. Zscaler needs to add this type of feature in their next release."
"Zscaler Cloud Firewall should have a better understanding of all dynamic cloud applications."
"There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically."
"Certain criteria need to be met if you want to scale this solution."
"There are several areas for improvement. Firstly, the GUI is outdated, with noticeable lags and delays, especially when generating reports for past transactions."
 

Pricing and Cost Advice

"The price is fair for what we get with FortiGate."
"These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."
"We pay for the solution annually."
"Compared to other firewall products, it's a little cheaper in terms of pricing."
"The price depends on the size of the company. From the beginning, you just want to know the internet bandwidths, speed, and the number of users to be able to offer the right product and model. They have a lot of products in FortiGate according to the size of the company, like 200D and 300D."
"Go for long term pricing negotiated at the time of purchase."
"No comment."
"By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic."
"The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"We pay about €2,000 ($2,400 USD) per year for licensing."
"Purchasing from the AWS Marketplace was easy. It was just point and click."
"The price of Firepower is not bad compared to other products."
"The solution was chosen because of its price compared to other similar solutions."
"That'd be more for my leadership, but I give them the quotes, and if they approve, they're happy. They've never wavered, so I wouldn't say it's out of the realm where they're considering another product. It must be in the direct price range for our leadership to not blink an eye when we give it to them."
"Cisco is not really cheap, but there is great technology behind it."
"There are licensing costs, and I would not say that it's a cheap vendor."
"It is not the most budget-friendly solution, but it's important to consider its overall value."
"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight out of ten."
"There is an annual license required for the use of the Zscaler Cloud Firewall."
"There are different subscription models available."
"It is expensive for small businesses."
"The licensing is on a yearly basis. It is somewhere around 30 or 40 pounds per user for our organization."
"The product is a bit expensive compared to the solutions offered by its competitors, like Palo Alto. There is a need to make yearly payments towards the license in charges associated with the product."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
859,957 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Educational Organization
12%
Comms Service Provider
8%
Manufacturing Company
7%
Educational Organization
31%
Computer Software Company
16%
University
6%
Manufacturing Company
5%
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
Which lesser known firewall product has the best chance at unseating the market leaders?
Netscope, Zscaler if they continue route they are on now. FIrewalls needs great deal of automation on each end, datac...
What do you like most about Zscaler Cloud Firewall?
The product’s firewall and VPN package are fantastic compared to any other solution.
What is your experience regarding pricing and costs for Zscaler Cloud Firewall?
Zscaler Cloud Firewall is quite expensive compared to competitors. However, it offered moderate value for money.
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Adaptive Security Appliance, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Zenith Live, Azure, Carlsberg Group
Find out what your peers are saying about Cisco Secure Firewall vs. Zscaler Cloud Firewall and other solutions. Updated: June 2025.
859,957 professionals have used our research since 2012.