2017-03-23T05:17:00Z
it_user633084 - PeerSpot reviewer
Senior Enterprise Network Specialist at a financial services firm with 1,001-5,000 employees
  • 23
  • 121

Cisco Firepower vs. FortiGate

Performance comparison between Cisco Firepower and FortiGate - Which is better?

17
PeerSpot user
17 Answers
Alberto E. Luna Rodriguez - PeerSpot reviewer
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-27T16:13:00Z
Mar 27, 2017

The short answer is it depends on what you are looking for.

FortiGates are great devices. The offer lots of features, decent and friendly UI and overall good performance, and they do it cheaper than most others. Security features and UTM are pretty good too. However, from my experience, beware of dimensioning, if you're planning to activate several of the features a FG supports (AV, IPS, WLAN Controller and such), performance can drop substantially and cause all kinds of failures, so it might be a good idea to over-dimension your hardware a bit to avoid issues.

On the other hand, I've found Cisco to be the most stable and reliable, and offer better performance of the two. They also offer better protection and Cisco Support is the best IMO. However the prices of Cisco are often higher than other vendors. ASAs are more complex so there will be a steeper learning curve for you to get going with these and the GUI (ASDM) is lacking compared to others so knowing (and loving) the CLI is a must.

In summary, go Fortinet if you're looking for decent performance, great security and easy administration at lower prices. go Cisco if you require better security, performance and reliability, and don't mind paying a little extra and spending a few more hours learning to handle them.

Hope this helps. Regards.

Product comparison that may be of interest to you
it_user635763 - PeerSpot reviewer
Network Engineer at a tech services company with 11-50 employees
Consultant
2017-03-27T18:02:42Z
Mar 27, 2017

With a fraction of the cost , the FortiGate3600C vs. Cisco ASA5585-XSSP60 is an example of how Fortinet beats Cisco in price/performance, capacity and overall security.

it_user635715 - PeerSpot reviewer
Network and Security Teamleader at a tech services company
Consultant
2017-03-27T16:45:00Z
Mar 27, 2017

To answer your question, let me ask a question first? What's your main target? Security first or Money First? In my point of view and based on my real experience:
- Fortinet is good if you need an appliance with many features such as: antispam, antivirus, url filtering, app control, firewall. It's all-in-one solution --> Fortinet is easy to use and maintanance. But its perfomance is not so good as show on datasheet, if you turn-on IPS, the performance decreases for about 40-50%, and so on... I see a bit of my customer turn-on this feature because of its reliable. For support service, Fortinet response is poor,

- Cisco Firepower: its performance is good, if you purchase all-in-one license, you will also have features like URL Filtering, App Control, IPS. The most interesting part is AMP feature, I think it better than Fortinet product. You can view gartner report about AMP. Sourcefire has many cool features such as traffic profiling, correlation, remediation, auto discovery (host, application, user). It also has IPS auto learning feature and can help to auto tunning/ apply appropriate signatures for your application. It also has DNS security feature (using OpenDNS) to help to mitigate botnet, other features like IP Intelligence, C&C, Phishing, Spam Source... For support service, Cisco is better, with faster response time and also escalate time when your issue is very critical. Forgot to mention, Firepower can do DPI-SSL inspection, and if your infrastructure has F5, it will better to get SSL Offload to F5 and get packet inspection by Firepower, it's a good combination.

So in conclusion, if you want best in price product, you can choose Cisco. If money is a big problem, Fortinet is a choice. Also Cisco has many products that can suitable for your environment (from Firepower 2000 series to 8000 series)

Rgds,
CuongVT

Andrew S. Baker (ASB) - PeerSpot reviewer
Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant
2017-10-31T15:28:03Z
Oct 31, 2017

I see a lot of these "vendor vs vendor" questions, when it really should be a question of "solution for this size network from vendor A vs vendor B".

Michael Thornton - PeerSpot reviewer
Cyber Security Consultant at a tech services company
Consultant
2017-10-03T22:52:21Z
Oct 3, 2017

Cisco Next Generation firewalls use behavioral based algorithms to perform deep packet inspection. To be fair, most Next Generation firewalls have the ability to identify malicious traffic patterns. However, Cisco Open DNS is a great way to protect organizations from Ransomeware, botnets and remote access trojans. The solution is cloud based, scalable and easy to use. Cisco Open DNS blocks access to malicious websites and other compromised systems.

it_user237144 - PeerSpot reviewer
Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
Consultant
2017-03-29T10:55:03Z
Mar 29, 2017

I would recommend Fortigate. It is easier to manage and the services which offered as UTM Bundle for IPS, AV, Anti-Spam services are excellent and it is a layer-7 firewall with very granular control of your network. The diagnose feature, packet capture and troubleshooting feature of fortigate firewall is also the best. However Cisco ASA comparitively achieves the IPS functionality through Sourcefire. The upgrade of Sourcefire takes years (Time is pretty long to do the upgrade from one version to another and it is GB sizes for a small upgrade) also the management and operational is quiet challenge in Cisco Firepower. there are alot to say for this. My choice ofcourse would be Fortinet .

Find out what your peers are saying about Cisco Secure Firewall vs. Fortinet FortiGate and other solutions. Updated: November 2022.
653,757 professionals have used our research since 2012.
Panduka Samarasinghe Cissp - PeerSpot reviewer
Security Pre-Sales Engineer - Southern Reigion at a tech services company with 51-200 employees
Real User
2017-03-28T00:00:22Z
Mar 28, 2017

Hi,

It’s tough to give a comparison without knowing what I’m comparing it with. Is there a specific Cisco Firepower model you were looking at ?

When it comes to performance between 2 vendors there are always models which can match that of the other given they stay within budget.

Cheers...

it_user418830 - PeerSpot reviewer
Consultant at a recruiting/HR firm with 501-1,000 employees
Vendor
2017-03-27T22:23:12Z
Mar 27, 2017

Based on Gartner Magic Quadrant and other third party evaluations. Fortinet' Fortigate consistently outperforms Cisco's Firepower. When sizing the box for performance, I would get Fortinet directly involved so you don't accidentally purchase an underpowered firewall.

it_user687783 - PeerSpot reviewer
Network Engineer at a tech services company with 201-500 employees
Consultant
2017-06-20T04:46:14Z
Jun 20, 2017

Fortigate is better...

it_user429021 - PeerSpot reviewer
IT Supervisor at a financial services firm with 1,001-5,000 employees
Vendor
2017-03-29T02:56:35Z
Mar 29, 2017

Fortigate

it_user636051 - PeerSpot reviewer
DataCenter Network Security Engineer at a tech services company with 201-500 employees
Consultant
2017-03-28T07:04:33Z
Mar 28, 2017

cisco is better on performance because it use the physical CPU that FORTINET , the last use ASIC.

NS
IT Network Consultant Engineer - Projects and ICT Infrastructure Services at a energy/utilities company with 1,001-5,000 employees
Consultant
2017-03-28T01:59:25Z
Mar 28, 2017

which models of Fortigates and Firepower, if the throughput and performance for the features used are comparable then it also depend how the features are used. Using all the UTM features on all traffic/all policies will slowdown the performance to some extent.
Fortigates are good with number of features enabled at the same time, on most of the traffic. Try avoiding unwanted UTM profiles on trusted traffic (eg. any inter-server traffic streams ) to improve overall performances of the box.

it_user479130 - PeerSpot reviewer
Security Solutions Architect at Presidio
MSP
2017-03-27T22:33:47Z
Mar 27, 2017

I think you would have to state what your goals in asking for a solution are, if neither meet your requirements then 'better' is a moot point. Understanding what you want from a solution should tell you which solution best meets your business requirements.

it_user494214 - PeerSpot reviewer
System & Network Administrator at a tech services company with 11-50 employees
Real User
2017-03-27T17:45:24Z
Mar 27, 2017

Fortinet FortiGate is a better choice looking at perfomance, fortigate uses purpose-built security processors drastically boosting performance and scalability to enable the fastest network security appliance. FortiGate uses FortiAsics and these security processors are used to scale from 1 Gbps to 1 Tbps of firewall throughput independent of packet size. This technology offers the ability to run multiple security applications without degradation in performance.

However if you're planing of using AV, Email Filter, App Ctrl, IPS, WLAN Controller and more, then you should really consider having a rightly spec appliance to prevent performance issues since IPS demands high processor usage.

it_user188481 - PeerSpot reviewer
Network Admin at a healthcare company with 501-1,000 employees
Real User
2017-03-27T16:25:50Z
Mar 27, 2017

The Fortigate was built from the ground up as a next gen security device while the the ASA adds license features on top of its build to try to keep up with the changing security landscape, with the Firepower purchase being the latest.

Are you comfortable in the CLI? You need to be for any Cisco device.

When it comes to cost, we were able to buy two Fortigates for less than the price of one comparable ASA and setup redundancy.

it_user447369 - PeerSpot reviewer
Owner at ANET
Vendor
2017-03-27T16:08:50Z
Mar 27, 2017

The ASA is a better overall networking/VPN device trying to improve its security, while the Fortinet is a security device trying to improve its networking. As firepower develops and improves, I think the ASA will be the better overall solution. Right now, the Fortinet is ahead with more mature overall security features, but is limited with overall networking features.

it_user468345 - PeerSpot reviewer
Pre-Sales Systems Engineer II at Dell SonicWALL
Vendor
2017-03-27T15:51:49Z
Mar 27, 2017

I think you should look at SonicWALL'S new code 6.2.6.1-25n, it is more powerful than its competitors and also can do DPI-SSL which is the need of the hour. The Content Filtering features are simply phenomenal

Related Questions
MF
User at Sameh Electronics (SamehGroup)
Jun 6, 2022
Hi security and IT pros, Which firewall product would you choose for your company: FortiGate 200F or Sophos XG 310? Why this would be your choice? Thanks in advance. 
See 2 answers
MV
Consultant with 11-50 employees
May 25, 2022
FortiGate. Fortinet is in Gartner Leader Magic Quadrant (MQ).  Sophos is in Niche Player Quadrant if I remember right.  You can never go wrong picking a vendor in the Gartner Leader MQ. Show the Gartner MQ to your leadership to get them on board too.
fdiazm - PeerSpot reviewer
Product Manager at Entel Chile
Jun 6, 2022
Hi,  If I look at it only from the point of view of analytics and performance, I lean towards Fortinet, but if I look at it at the service level and with the possibility of being part of an even larger project, this is when I don't see competitors for Fortinet and I mean the component. of after-sales services, the local presence in my country has come from less to more, which makes the difference when choosing a partner to work with.
Steve Chiyenda - PeerSpot reviewer
IT Supervisor at Blantyre Netting Company Limited
May 20, 2022
Hi peers, A week ago I lost my data through the malware from which I failed to recover as the file got corrupted.  Now, I want to work with a firewall and so am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
2 out of 3 answers
Bennett Gomonda - PeerSpot reviewer
Pre-Sales Support Engineer at Skyband Corporation
May 18, 2022
I prefer Sophos. I find it easy to use and it has better features on malware and threat management.
Carlos Roberto Da Silva - PeerSpot reviewer
Pre-Sales Director at 4 IT Solution
May 19, 2022
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.  Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.
Download Free Report
Download our FREE report comparing Cisco Secure Firewall and Fortinet FortiGate based on reviews, features, and more! Updated: November 2022.
DOWNLOAD NOW
653,757 professionals have used our research since 2012.