2014-09-16T09:58:00Z
AS
Community Manager at PeerSpot (formerly IT Central Station)

A recent reviewer wrote "Cisco firewalls can be difficult at first but once learned it's fine." Is that your experience?

Is that true of other firewalls you have tested?

See review at http://www.itcentralstation.com/product_reviews/cisco-asa-review-by-marcelo-zamorano

5 Answers
AB
Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant
2017-10-31T19:40:54Z
Oct 31, 2017

Every vendor has their own perspective or approach or paradigm to security, and when you get that, things get easier from a deployment perspective.

That said, my personal feel is that it is easier to learn and master Fortinet firewalls than Cisco firewalls (and I have some experience with both). This comment is related to the older Cisco ASAs and does not necessarily apply to the Sourcefire technology, since I have no experience with that.

Whether GUI or CLI, the Fortinet devices give more flexibility and are more intuitive to learn than Cisco's ASA devices.

it_user107088 - PeerSpot reviewer
Network Support Analyst at a non-tech company with 501-1,000 employees
Vendor
2014-09-17T04:56:09Z
Sep 17, 2014

In my opinion, you have to have knowledge or a background of what Cisco routers can do and their firewall capability. Cisco routers do have the capabilities of a firewall, but ASA firewalls are more robust and granular in perspective.

it_user127827 - PeerSpot reviewer
Security Expert
Vendor
2014-09-16T15:20:07Z
Sep 16, 2014

I would agree that they can be difficult to install and manage. Part of
the issue lies in the fact that Cisco is a router and switch company and
in my opinion, much of their incursion into the security world was
driven by a "me too" rationale. The result is that creating restrictive
policies and two-way ACLs can sometimes be tricky in the Cisco world.
Also, resource issues that result in network latency and slow
performance can be problematic.

Manufacturers like Fortinet, Juniper, Palo Alto, and SonicWall built
their firewalls from the ground up. They often augment their
performance through the use of custom ASICs, and the user interface
focuses on security rather than routing and switching paradigms. UI
development is often designed to facilitate the building of two-way
rules and policies, and logging and auditing are critical features.

My philosophy has been and continues to be to use firewalls for policy
and access control and leave routing and switching to the router and
switch manufacturers like Cisco and HP.

For the record, I have experience with Fortinet, Juniper, McAfee
(formerly Stonesoft), Palo Alto, Raptor and SonicWall.

Please let me know if there are specific features or capabilities that
you have questions about.

Kindest regards.

it_user75036 - PeerSpot reviewer
User at a tech company with 51-200 employees
Vendor
2014-09-16T13:57:34Z
Sep 16, 2014

Hi,

Cisco firewalls are routers with firewalls built onto them. Thus, with an ASA firewall, it takes some time getting used to the way they structure their firewalling, but if you know a lot about Cisco routers, it helps.

Each type of firewall has its quirks and once you have managed to get past that, all of them are a piece of cake.

it_user3483 - PeerSpot reviewer
Senior Consultant at Unify Square
Real User
2014-09-16T10:20:40Z
Sep 16, 2014

Disclaimer: in the past years I have worked with security solutions coming from Cisco, Fortinet, Checkpoint and Websense. As a Lync expert I also had to manage many different reverse proxy solutions, sometimes integrated with a firewall and sometimes stand-alone.

To answer the question: all the security-related software and appliances (if we are talking about the ones fit for a medium or large enterprise deployment) have a steep learning curve, with no exception.

Every vendor has a custom approach, different commands, interfaces and (also) different ways to manage the same kind of threat.

An additional level of complication is due to the fact that inside a single "box" we often find tools to manage different layers of the OSI stack and different threats. So it is necessary to know not only application security, but also routing, encryption (like IPSEC) and a long list of topics.

So, for example, a real expert with Cisco firewalls will find it a little easier to learn Fortinet or CheckPoint security if compared to a beginner (some basic concepts are the same everywhere) but some time on training and learning will be required anyway.

It is like jumping from a Windows O.S. to a Unix O.S.: they have similar features and are based on similar fundamentals but they are really different.

The most recent releases of security solutions try to help administrators, adding graphical UI and wizards, but my experience is that, sometimes, you have to use command lines to achieve a specific result (and this is true with a large number of vendors).
And, as I said, command lines vary much and this makes the work more difficult.
