Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant
2017-10-31T19:40:54Z
Oct 31, 2017
Every vendor has their own perspective or approach or paradigm to security, and when you get that, things get easier from a deployment perspective.
That said, my personal feel is that it is easier to learn and master Fortinet firewalls than Cisco firewalls (and I have some experience with both). This comment is related to the older Cisco ASAs and does not necessarily apply to the Sourcefire technology, since I have no experience with that.
Whether GUI or CLI, the Fortinet devices give more flexibility and are more intuitive to learn than Cisco's ASA devices.
Network Support Analyst at a non-tech company with 501-1,000 employees
Vendor
2014-09-17T04:56:09Z
Sep 17, 2014
In my opinion, you have to have knowledge or a background of what Cisco routers can do and their firewall capability. Cisco routers do have the capabilities of a firewall, but ASA firewalls are more robust and granular in perspective.
I would agree that they can be difficult to install and manage. Part of the issue lies in the fact that Cisco is a router and switch company and in my opinion, much of their incursion into the security world was driven by a "me too" rationale. The result is that creating restrictive policies and two-way ACLs can sometimes be tricky in the Cisco world. Also, resource issues that result in network latency and slow performance can be problematic.
Manufacturers like Fortinet, Juniper, Palo Alto, and SonicWall built their firewalls from the ground up. They often augment their performance through the use of custom ASICs, and the user interface focuses on security rather than routing and switching paradigms. UI development is often designed to facilitate the building of two-way rules and policies, and logging and auditing are critical features.
My philosophy has been and continues to be to use firewalls for policy and access control and leave routing and switching to the router and switch manufacturers like Cisco and HP.
For the record, I have experience with Fortinet, Juniper, McAfee (formerly Stonesoft), Palo Alto, Raptor and SonicWall.
Please let me know if there are specific features or capabilities that you have questions about.
Cisco firewalls are routers with firewalls built onto them. Thus, with an ASA firewall, it takes some time getting used to the way they structure their firewalling, but if you know a lot about Cisco routers, it helps.
Each type of firewall has its quirks and once you have managed to get past that, all of them are a piece of cake.
Disclaimer: in the past years I have worked with security solutions coming from Cisco, Fortinet, Checkpoint and Websense. As a Lync expert I also had to manage many different reverse proxy solutions, sometimes integrated with a firewall and sometimes stand-alone.
To answer the question: All the security-related software and appliances (if we are talking about the ones fit for a medium or large enterprise deployment) have a steep learning curve, with no exception.
Every vendor has a custom approach, different commands, interfaces and (also) different ways to manage the same kind of threat.
An additional level of complication is due to the fact that inside a single "box" we often find tools to manage different layers of the OSI stack and different threats. So it is necessary to know not only application security, but also routing, encryption (like IPsec) and a long list of topics.
So, for example, a real expert with Cisco firewalls will find it a little easier to learn Fortinet or CheckPoint security compared to a beginner (some basic concepts are the same everywhere), but some time on training and learning will be required anyway.
It is like jumping from a Windows O.S. to a Unix O.S.: they have similar features and are based on similar fundamentals but they are really different.
The most recent releases of security solutions try to help administrators, adding graphical UI and wizards, but my experience is that, sometimes, you have to use command lines to achieve a specific result (and this is true with a large number of vendors).
And, as I said, command lines vary much and this makes the work more difficult.
Hi peers,
I am an AVP at a large insurance company.
I am currently researching firewalls. What are the benefits of Fortinet FortiGate 400E versus Cisco ASA 5525? Which product do you prefer and why?
Thank you for your help.
Technology Services Director at a tech services company with 11-50 employees
Jan 20, 2023
Purely from datasheet numbers, the Fortinet 400E unit has much higher performance in most dimensions than the 5525-X appliance, but you'd need to have some specific use cases and metrics in mind to know if that applies to you. If the key metric is bang for the buck, Fortinet usually wins until vendors start applying extra discounts to level the playing field.
Also, the 400E has been superseded by the 400F, using a newer ASIC to effectively double most performance metrics. I suggest you have a look at the data sheets for that versus the current Cisco unit.
As an engineer, I find the Fortinet units much more interoperable, whereas Cisco tends to encourage the adoption of their Cisco-proprietary solutions, as part of a single-vendor fabric. Also, for more junior admins, Cisco is a CLI-first solution and always has been, with ASDM feeling bolted on afterward, whereas Fortinet has a pretty good GUI in recent years, and only requires CLI for more esoteric features.
The Cisco solution is always going to be a better fit if you want to know which solution your Cisco-trained engineers and admins need to best complement your Cisco routers, Cisco switches, Cisco WLC, and Cisco ISE. If you want throughput or port count for segregation, or a security-focused vendor with a more open feature set, Fortinet might be a better choice in my opinion.
Hi peers,
A week ago, I lost my data through malware, from which I failed to recover as the file got corrupted.
Now, I want to work with a firewall and so am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.
Also, I recommend Sophos CIXA with XDR (Sophos Endpoint), so you can use Synchronized Security.