A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?

PeerSpot user

5 Answers

Oct 31, 2017

Every vendor has their own perspective or approach or paradigm to security, and when you get that, things get easier from a deployment perspective.

That said, my personal feeling is that it is easier to learn and master Fortinet firewalls than Cisco firewalls (and I have some experience with both). This comment is related to the older Cisco ASAs and does not necessarily apply to the Sourcefire technology, since I have no experience with that.

Whether GUI or CLI, the Fortinet devices give more flexibility and are more intuitive to learn than Cisco's ASA devices.

it_user107088 - PeerSpot reviewer
Sep 17, 2014

In my opinion, you have to have knowledge or a background of what Cisco routers can do and their firewall capability. Cisco routers do have the capabilities of a firewall, but ASA firewalls are more robust and granular in perspective.

it_user127827 - PeerSpot reviewer
Sep 16, 2014

I would agree that they can be difficult to install and manage. Part of
the issue lies in the fact that Cisco is a router and switch company and
in my opinion, much of their incursion into the security world was
driven by a "me too" rationale. The result is that creating restrictive
policies and two-way ACLs can sometimes be tricky in the Cisco world.
Also, resource issues that result in network latency and slow
performance can be problematic.

Manufacturers like Fortinet, Juniper, Palo Alto, and SonicWall built
their firewalls from the ground up. They often augment their
performance through the use of custom ASICs, and the user interface
focuses on security rather than routing and switching paradigms. UI
development is often designed to facilitate the building of two-way
rules and policies, and logging and auditing are critical features.

My philosophy has been and continues to be to use firewalls for policy
and access control and leave routing and switching to the router and
switch manufacturers like Cisco and HP.

For the record, I have experience with Fortinet, Juniper, McAfee
(formerly Stonesoft), Palo Alto, Raptor and SonicWall.

Please let me know if there are specific features or capabilities that
you have questions about.

Kindest regards.

it_user75036 - PeerSpot reviewer
Sep 16, 2014


Cisco firewalls are routers with firewalls built onto them. Thus, with an ASA firewall, it takes some time getting used to the way they structure their firewalling, but if you know a lot about Cisco routers, it helps.

Each type of firewall has its quirks and once you have managed to get past that, all of them are a piece of cake.

it_user3483 - PeerSpot reviewer
Real User
Sep 16, 2014

Disclaimer: in the past years I have worked with security solutions coming from Cisco, Fortinet, Check Point and Websense. As a Lync expert I also had to manage many different reverse proxy solutions, sometimes integrated with a firewall and sometimes stand-alone.

To answer the question: all the security-related software and appliances (if we are talking about the ones fit for a medium or large enterprise deployment) have a steep learning curve, with no exception.

Every vendor has a custom approach, different commands, interfaces and (also) different ways to manage the same kind of threat.

An additional level of complication is due to the fact that inside a single "box" we often find tools to manage different layers of the OSI stack and different threats. So it is necessary to know not only application security, but also routing, encryption (like IPsec) and a long list of topics.

So, for example, a real expert with Cisco firewalls will find it a little easier to learn Fortinet or Check Point security compared to a beginner (some basic concepts are the same everywhere), but some time on training and learning will be required anyway.

It is like jumping from a Windows O.S. to a Unix O.S.: they have similar features and are based on similar fundamentals but they are really different.

The most recent releases of security solutions try to help administrators, adding graphical UI and wizards, but my experience is that, sometimes, you have to use command lines to achieve a specific result (and this is true with a large number of vendors).
And, as I said, command lines vary a lot, and this makes the work more difficult.
