2017-03-23T05:17:00Z

Cisco Firepower vs. FortiGate

Performance comparison between Cisco Firepower and FortiGate - Which is better?

it_user633084 - PeerSpot reviewer
Senior Enterprise Network Specialist at a financial services firm with 1,001-5,000 employees
17 Answers
AL
Network Security Coordinator at an energy/utilities company with 1,001-5,000 employees
Real User
2017-03-27T16:13:00Z
Mar 27, 2017

The short answer is it depends on what you are looking for.

FortiGates are great devices. They offer lots of features, a decent and friendly UI and overall good performance, and they do it cheaper than most others. Security features and UTM are pretty good too. However, from my experience, beware of dimensioning: if you're planning to activate several of the features a FG supports (AV, IPS, WLAN Controller and such), performance can drop substantially and cause all kinds of failures, so it might be a good idea to over-dimension your hardware a bit to avoid issues.

On the other hand, I've found Cisco to be the most stable and reliable, and offer better performance of the two. They also offer better protection and Cisco Support is the best IMO. However the prices of Cisco are often higher than other vendors. ASAs are more complex so there will be a steeper learning curve for you to get going with these and the GUI (ASDM) is lacking compared to others so knowing (and loving) the CLI is a must.

In summary, go Fortinet if you're looking for decent performance, great security and easy administration at lower prices. Go Cisco if you require better security, performance and reliability, and don't mind paying a little extra and spending a few more hours learning to handle them.

Hope this helps. Regards.

it_user635763 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees
Consultant
2017-03-27T18:02:42Z
Mar 27, 2017

With a fraction of the cost, the FortiGate3600C vs. Cisco ASA5585-XSSP60 is an example of how Fortinet beats Cisco in price/performance, capacity and overall security.

it_user635715 - PeerSpot reviewer
Network and Security Teamleader at a tech services company
Consultant
2017-03-27T16:45:00Z
Mar 27, 2017

To answer your question, let me ask a question first. What's your main target? Security first or Money First? In my point of view and based on my real experience:
- Fortinet is good if you need an appliance with many features such as: antispam, antivirus, URL filtering, app control, firewall. It's an all-in-one solution --> Fortinet is easy to use and maintain. But its performance is not as good as shown on the datasheet; if you turn on IPS, the performance decreases by about 40-50%, and so on... I see a few of my customers turn on this feature because of its reliability. For support service, Fortinet response is poor.

- Cisco Firepower: its performance is good, and if you purchase the all-in-one license, you will also have features like URL Filtering, App Control, IPS. The most interesting part is the AMP feature; I think it is better than the Fortinet product. You can view the Gartner report about AMP. Sourcefire has many cool features such as traffic profiling, correlation, remediation, auto discovery (host, application, user). It also has an IPS auto learning feature and can help to auto tune / apply appropriate signatures for your application. It also has a DNS security feature (using OpenDNS) to help to mitigate botnets, and other features like IP Intelligence, C&C, Phishing, Spam Source... For support service, Cisco is better, with faster response time and also escalation time when your issue is very critical. Forgot to mention, Firepower can do DPI-SSL inspection, and if your infrastructure has F5, it will be better to get SSL Offload to F5 and get packet inspection by Firepower; it's a good combination.

So in conclusion, if you want best in price product, you can choose Cisco. If money is a big problem, Fortinet is a choice. Also Cisco has many products that can be suitable for your environment (from Firepower 2000 series to 8000 series).

Rgds,
CuongVT

AB
Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant
2017-10-31T15:28:03Z
Oct 31, 2017

I see a lot of these "vendor vs vendor" questions, when it really should be a question of "solution for this size network from vendor A vs vendor B".

MT
Cyber Security Consultant at a tech services company
Consultant
2017-10-03T22:52:21Z
Oct 3, 2017

Cisco Next Generation firewalls use behavioral-based algorithms to perform deep packet inspection. To be fair, most Next Generation firewalls have the ability to identify malicious traffic patterns. However, Cisco Open DNS is a great way to protect organizations from ransomware, botnets and remote access trojans. The solution is cloud based, scalable and easy to use. Cisco Open DNS blocks access to malicious websites and other compromised systems.

it_user237144 - PeerSpot reviewer
Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
Consultant
2017-03-29T10:55:03Z
Mar 29, 2017

I would recommend Fortigate. It is easier to manage, the services which are offered as a UTM Bundle for IPS, AV and Anti-Spam are excellent, and it is a layer-7 firewall with very granular control of your network. The diagnose feature, packet capture and troubleshooting feature of the Fortigate firewall are also the best. However, Cisco ASA comparatively achieves the IPS functionality through Sourcefire. The upgrade of Sourcefire takes years (the time to upgrade from one version to another is pretty long, and it is GB sizes for a small upgrade); also, the management and operation is quite a challenge in Cisco Firepower. There is a lot to say about this. My choice of course would be Fortinet.

PS
Security Pre-Sales Engineer - Southern Region at a tech services company with 51-200 employees
Real User
2017-03-28T00:00:22Z
Mar 28, 2017

Hi,

It’s tough to give a comparison without knowing what I’m comparing it with. Is there a specific Cisco Firepower model you were looking at?

When it comes to performance between 2 vendors there are always models which can match that of the other given they stay within budget.

Cheers...

it_user418830 - PeerSpot reviewer
Consultant at a recruiting/HR firm with 501-1,000 employees
Vendor
2017-03-27T22:23:12Z
Mar 27, 2017

Based on Gartner Magic Quadrant and other third party evaluations, Fortinet's Fortigate consistently outperforms Cisco's Firepower. When sizing the box for performance, I would get Fortinet directly involved so you don't accidentally purchase an underpowered firewall.

it_user687783 - PeerSpot reviewer
Network Engineer at a tech services company with 201-500 employees
Consultant
2017-06-20T04:46:14Z
Jun 20, 2017

Fortigate is better...

it_user429021 - PeerSpot reviewer
IT Supervisor at a financial services firm with 1,001-5,000 employees
Vendor
2017-03-29T02:56:35Z
Mar 29, 2017

Fortigate

it_user636051 - PeerSpot reviewer
DataCenter Network Security Engineer at a tech services company with 201-500 employees
Consultant
2017-03-28T07:04:33Z
Mar 28, 2017

Cisco is better on performance because it uses the physical CPU, whereas Fortinet uses ASIC.

NS
IT Network Consultant Engineer - Projects and ICT Infrastructure Services at an energy/utilities company with 1,001-5,000 employees
Consultant
2017-03-28T01:59:25Z
Mar 28, 2017

Which models of Fortigates and Firepower? If the throughput and performance for the features used are comparable, then it also depends on how the features are used. Using all the UTM features on all traffic/all policies will slow down the performance to some extent.
Fortigates are good with a number of features enabled at the same time, on most of the traffic. Try avoiding unwanted UTM profiles on trusted traffic (e.g. any inter-server traffic streams) to improve the overall performance of the box.

it_user479130 - PeerSpot reviewer
Security Solutions Architect at Presidio
MSP
2017-03-27T22:33:47Z
Mar 27, 2017

I think you would have to state what your goals in asking for a solution are; if neither meets your requirements then 'better' is a moot point. Understanding what you want from a solution should tell you which solution best meets your business requirements.

it_user494214 - PeerSpot reviewer
System & Network Administrator at a tech services company with 11-50 employees
Real User
2017-03-27T17:45:24Z
Mar 27, 2017

Fortinet FortiGate is a better choice looking at performance. FortiGate uses purpose-built security processors, drastically boosting performance and scalability to enable the fastest network security appliance. FortiGate uses FortiAsics and these security processors are used to scale from 1 Gbps to 1 Tbps of firewall throughput independent of packet size. This technology offers the ability to run multiple security applications without degradation in performance.

However, if you're planning on using AV, Email Filter, App Ctrl, IPS, WLAN Controller and more, then you should really consider having a rightly spec'd appliance to prevent performance issues, since IPS demands high processor usage.

it_user188481 - PeerSpot reviewer
Network Admin at a healthcare company with 501-1,000 employees
Real User
2017-03-27T16:25:50Z
Mar 27, 2017

The Fortigate was built from the ground up as a next gen security device while the ASA adds license features on top of its build to try to keep up with the changing security landscape, with the Firepower purchase being the latest.

Are you comfortable in the CLI? You need to be for any Cisco device.

When it comes to cost, we were able to buy two Fortigates for less than the price of one comparable ASA and setup redundancy.

it_user447369 - PeerSpot reviewer
Owner at ANET
Vendor
2017-03-27T16:08:50Z
Mar 27, 2017

The ASA is a better overall networking/VPN device trying to improve its security, while the Fortinet is a security device trying to improve its networking. As Firepower develops and improves, I think the ASA will be the better overall solution. Right now, the Fortinet is ahead with more mature overall security features, but is limited with overall networking features.

it_user468345 - PeerSpot reviewer
Pre-Sales Systems Engineer II at Dell SonicWALL
Vendor
2017-03-27T15:51:49Z
Mar 27, 2017

I think you should look at SonicWALL's new code 6.2.6.1-25n; it is more powerful than its competitors and also can do DPI-SSL, which is the need of the hour. The Content Filtering features are simply phenomenal.

Related Questions
reviewer2248338 - PeerSpot reviewer
User at IDC Corporate
Aug 1, 2023
Hello peers, I work for a large computer software company. I am currently researching Palo Alto Networks and its products. How do Palo Alto Networks' security features compare to other security vendors like Cisco? Thank you for your help.
CS
Information Security Manager at a financial services firm with 501-1,000 employees
Aug 1, 2023
We did a head-to-head comparison and live tested 2 pretty beefy models from each company. Palo absolutely blew Cisco out of the water. There is a major difference in a company focused on firewalls first and then migrating into complementary security technologies to integrate them to make a comprehensive security ecosystem vs another company saying they are doing the same thing, but actually just piecemealing things together. Palo has some issues, too. But their product offerings are top-notch, their roadmap is cutting edge, and overall they are building a security ecosystem that actually functions and isn't mainly marketing and sales material. It works!
MA
Cloud Engineer at Inara Technologies
Jun 5, 2023
Hello community, I am a Cloud Engineer at a small tech services company. I am currently researching firewalls. Which solution do you prefer: Palo Alto Networks PA-3410 Firewall or FortiGate 601F? What are the pros and cons of each solution? Thank you for your help.
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
Jun 5, 2023
Hi Muhammad, You are telling us your company is small, but to choose active equipment you need to know how big the need of your client is, not yours. And also you may discuss if you are the provider of the tech service for management (local or remote), or if you're just going to provide the equipment for some internal IT by your customer. So, there are a few questions before choosing the Router/Gateway, but if you already have an answer for all that, I'll go for Sophos XG Firewall every time, if the customer can afford it, or for a smaller customer Ubiquiti Edge Infinity Router. Good luck