Coming October 25: PeerSpot Awards will be announced! Learn more

Fortinet FortiOS vs Sangfor NGAF comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortinet FortiOS and Sangfor NGAF based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Fortinet FortiOS vs. Sangfor NGAF report (Updated: August 2022).
632,779 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is the Intrusion Prevention System.""The content filtering is good.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""The customer service/technical support is very good with this solution."

More Cisco Firepower NGFW Firewall Pros →

"The product is scalable and easily expands.""The most valuable features of Fortinet FortiOS are user-friendliness, ease of use, and threat prevention.""Performance-wise, I think FortiOS is much better than its Juniper counterpart. Based on our actual experience and performance metrics, FortiOS-based products are much better than Juniper.""The most valuable features of Fortinet FortiOS are the ease of use and user-friendly interface.""The customer service and support team are excellent.""The solution constantly adds features that are useful and user-friendly such as the ability to tweak firewalls through the CLI.""FortiOS' most valuable features are management, security, and easy updates with no downtime.""The technical support on offer has always been quite good."

More Fortinet FortiOS Pros →

"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people.""In four steps one can configure the entire firewall.""We can utilize our own network rather than paying for a private one.""We've found the technical support to be helpful.""Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection.""Sangfor NGAF specializes in ransomware detection and helps to protect our network from ransomware threats and malware.""The most valuable feature of Sangfor NGAF is its integration.""The most valuable features are the WAN optimization, the internet access gateway (IAG), and the central console, which allows us to implement on their firewall."

More Sangfor NGAF Pros →

Cons
"It would be great if some of the load times were faster.""The price and SD-WAN capabilities are the areas that need improvement.""I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""Cisco makes horrible UIs, so the interface is something that should be improved.""My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."

More Cisco Firepower NGFW Firewall Cons →

"FortiOS could provide a more detailed analysis of the network and connected devices.""They're using a lot of application-specific IC, so that may be causing some performance issues. And whenever a Fortinet adds new features, it can affect performance.""The pricing of the product is too high.""It would be better if AWS instances were available. If I want to upgrade from T2.small to T2.medium, it should be available rather than having a big instance and paying a lot of money for that. The issue is that we had deployed in AWS Cloud, and we were using a very small instance. Recently we wanted to move in-house and deploy it on the big instance because it was struggling with the RAM. If we use T2.small, we cannot upgrade it to the T2.medium. It has predefined instances in the marketplace with a lot of cost differences. If I can increase the RAM, I have to choose the T3.large instance. If I'm paying $270 for the small instance, I have to pay more than double the cost for T3.large. It is about $850, and this is not good. So, it would be better if it was cheaper. I think both AWS and Fortinet should think about that. They should provide it on lower instances as well. If I want to upgrade it from T2.small to T2.medium, it should be available, but it's a problem.""I would like to see fewer bugs. If you use the box with its basic features, the solution is straightforward and stable, but you can run into bugs when using newer features or in more complex use cases. They included a DNS filter as a new feature, and I had issues that required raising a ticket with customer support.""The solution could improve the log retention and reports.""The report and policy optimization tools can be improved in the next release.""Fortinet FortiOS can improve by limiting the need for the CLI and GUI combination. The more functions they can have on the GUI and less on CLI would be helpful."

More Fortinet FortiOS Cons →

"The firewall system needs gradual improvements because there are more threats and challenges every day.""I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.""The web interface needs to be improved, making it more user-friendly.""Sangfor need greater exposer in the market because the market is mainly saturated by Fortinet. The user experience of Fortinet is quite different compared to NGAF. If we want to switch our users from Fortinet to NGAF, we have to convince them that the user experience will be much easier once once they start to use it.""The solution has too many bugs and these slow down the implementation.""They need to increase the number of ports in the firewall.""Sangfor could improve their interface capacity on the 5100 series model and upgrade their hardware from one gig to 10 gig. This would improve the overall throughput.""An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices."

More Sangfor NGAF Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "The price of Fortinet FortiOS has been reasonable."
  • "There is a license required for the solution and the price is fair."
  • "The solution could have a better licensing model. It's a bit more expensive than other solutions. The annual subscription is very pricy in Fortinet. The cost could be reduced."
  • "It is not cheap; it is also not expensive. It is somewhere in the middle."
  • "The cost is around $40,000."
  • "The Fortinet solutions can be a bit expensive."
  • "I am on a two-year contract and I pay annually for Fortinet FortiOS."
  • "It would be better if it were cheaper. We have the firewall in our office, and the license is expiring in 20 to 25 days. We got a quote for almost 80,000 Pakistani Rupees, which is a little costly."
  • More Fortinet FortiOS Pricing and Cost Advice →

  • "Sangfor is cheaper than competing vendors."
  • "The price is unmatcheable."
  • "When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."
  • "Sangfor NGAF price is reasonable and there is an annual license. However, the maintenance cost can be a bit high."
  • "For four to five physical appliances for a licensed firewall, it costs approximately $4,000."
  • "The price could be more competitive."
  • "The license of Sangfor NGAF can be purchased at different interval lengths, such as annually or three years. They offer a range of packages to choose from, such as combo or hybrid packages. We are using the complete solution package which includes IM, NGF and SSL VPN, and WAF."
  • "For over 2000 users, the cost is around 5000 to 6000 USD. If you want a web application firewall, you have to purchase an additional license for it."
  • More Sangfor NGAF Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    632,779 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:We started with a three-year license and have since renewed it. For three years, we paid about 2,800 KD, which is about… more »
    Top Answer:The most valuable feature of Sangfor NGAF is its integration.
    Top Answer:The license of Sangfor NGAF can be purchased at different interval lengths, such as annually or three years. They offer… more »
    Top Answer:Sangfor NGAF could improve the policies and default criteria. They could be much better.
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Sangfor NGAF Firewall Platform
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    Control all the security and networking capabilities in all your FortiGates across your entire network with one intuitive operating system. Improve your protection and visibility while reducing operating expenses and saving time with a truly consolidated next generation enterprise firewall platform.

    Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Fortinet FortiOS
    Learn more about Sangfor NGAF
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data
    The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider18%
    Government8%
    Educational Organization5%
    REVIEWERS
    Comms Service Provider18%
    Financial Services Firm12%
    Transportation Company9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Comms Service Provider22%
    Computer Software Company20%
    Government7%
    Educational Organization5%
    REVIEWERS
    Healthcare Company25%
    Manufacturing Company25%
    Comms Service Provider13%
    Computer Software Company13%
    VISITORS READING REVIEWS
    Comms Service Provider32%
    Computer Software Company18%
    Media Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise26%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise19%
    Large Enterprise53%
    REVIEWERS
    Small Business49%
    Midsize Enterprise16%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise19%
    Large Enterprise55%
    REVIEWERS
    Small Business47%
    Midsize Enterprise33%
    Large Enterprise20%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise29%
    Large Enterprise49%
    Buyer's Guide
    Fortinet FortiOS vs. Sangfor NGAF
    August 2022
    Find out what your peers are saying about Fortinet FortiOS vs. Sangfor NGAF and other solutions. Updated: August 2022.
    632,779 professionals have used our research since 2012.

    Fortinet FortiOS is ranked 14th in Firewalls with 45 reviews while Sangfor NGAF is ranked 23rd in Firewalls with 11 reviews. Fortinet FortiOS is rated 8.4, while Sangfor NGAF is rated 8.0. The top reviewer of Fortinet FortiOS writes "Great IPS and DNS filtering with useful tutorials available  ". On the other hand, the top reviewer of Sangfor NGAF writes "A scalable and comprehensive solution that specializes in ransomware detection". Fortinet FortiOS is most compared with Fortinet FortiWeb, Fortinet FortiGate, Infoblox Advanced DNS Protection, Fortinet FortiManager and Cisco ASA Firewall, whereas Sangfor NGAF is most compared with Fortinet FortiGate, Sophos XG, Sophos UTM, Palo Alto Networks NG Firewalls and OPNsense. See our Fortinet FortiOS vs. Sangfor NGAF report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.