Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-27T16:13:00Z
Mar 27, 2017
The short answer is it depends on what you are looking for.
FortiGates are great devices. The offer lots of features, decent and friendly UI and overall good performance, and they do it cheaper than most others. Security features and UTM are pretty good too. However, from my experience, beware of dimensioning, if you're planning to activate several of the features a FG supports (AV, IPS, WLAN Controller and such), performance can drop substantially and cause all kinds of failures, so it might be a good idea to over-dimension your hardware a bit to avoid issues.
On the other hand, I've found Cisco to be the most stable and reliable, and offer better performance of the two. They also offer better protection and Cisco Support is the best IMO. However the prices of Cisco are often higher than other vendors. ASAs are more complex so there will be a steeper learning curve for you to get going with these and the GUI (ASDM) is lacking compared to others so knowing (and loving) the CLI is a must.
In summary, go Fortinet if you're looking for decent performance, great security and easy administration at lower prices. go Cisco if you require better security, performance and reliability, and don't mind paying a little extra and spending a few more hours learning to handle them.
Network Engineer at a tech services company with 11-50 employees
Consultant
2017-03-27T18:02:42Z
Mar 27, 2017
With a fraction of the cost , the FortiGate3600C vs. Cisco ASA5585-XSSP60 is an example of how Fortinet beats Cisco in price/performance, capacity and overall security.
Network and Security Teamleader at a tech services company
Consultant
2017-03-27T16:45:00Z
Mar 27, 2017
To answer your question, let me ask a question first? What's your main target? Security first or Money First? In my point of view and based on my real experience:
- Fortinet is good if you need an appliance with many features such as: antispam, antivirus, url filtering, app control, firewall. It's all-in-one solution --> Fortinet is easy to use and maintanance. But its perfomance is not so good as show on datasheet, if you turn-on IPS, the performance decreases for about 40-50%, and so on... I see a bit of my customer turn-on this feature because of its reliable. For support service, Fortinet response is poor,
- Cisco Firepower: its performance is good, if you purchase all-in-one license, you will also have features like URL Filtering, App Control, IPS. The most interesting part is AMP feature, I think it better than Fortinet product. You can view gartner report about AMP. Sourcefire has many cool features such as traffic profiling, correlation, remediation, auto discovery (host, application, user). It also has IPS auto learning feature and can help to auto tunning/ apply appropriate signatures for your application. It also has DNS security feature (using OpenDNS) to help to mitigate botnet, other features like IP Intelligence, C&C, Phishing, Spam Source... For support service, Cisco is better, with faster response time and also escalate time when your issue is very critical. Forgot to mention, Firepower can do DPI-SSL inspection, and if your infrastructure has F5, it will better to get SSL Offload to F5 and get packet inspection by Firepower, it's a good combination.
So in conclusion, if you want best in price product, you can choose Cisco. If money is a big problem, Fortinet is a choice. Also Cisco has many products that can suitable for your environment (from Firepower 2000 series to 8000 series)
Cyber Security Consultant at a tech services company
Consultant
2017-10-03T22:52:21Z
Oct 3, 2017
Cisco Next Generation firewalls use behavioral based algorithms to perform deep packet inspection. To be fair, most Next Generation firewalls have the ability to identify malicious traffic patterns. However, Cisco Open DNS is a great way to protect organizations from Ransomeware, botnets and remote access trojans. The solution is cloud based, scalable and easy to use. Cisco Open DNS blocks access to malicious websites and other compromised systems.
Senior Technical Consultant - Network and Security at a tech services company with 51-200 employees
Consultant
2017-03-29T10:55:03Z
Mar 29, 2017
I would recommend Fortigate. It is easier to manage and the services which offered as UTM Bundle for IPS, AV, Anti-Spam services are excellent and it is a layer-7 firewall with very granular control of your network. The diagnose feature, packet capture and troubleshooting feature of fortigate firewall is also the best. However Cisco ASA comparitively achieves the IPS functionality through Sourcefire. The upgrade of Sourcefire takes years (Time is pretty long to do the upgrade from one version to another and it is GB sizes for a small upgrade) also the management and operational is quiet challenge in Cisco Firepower. there are alot to say for this. My choice ofcourse would be Fortinet .
Consultant at a recruiting/HR firm with 501-1,000 employees
Vendor
2017-03-27T22:23:12Z
Mar 27, 2017
Based on Gartner Magic Quadrant and other third party evaluations. Fortinet' Fortigate consistently outperforms Cisco's Firepower. When sizing the box for performance, I would get Fortinet directly involved so you don't accidentally purchase an underpowered firewall.
IT Network Consultant Engineer - Projects and ICT Infrastructure Services at a energy/utilities company with 1,001-5,000 employees
Consultant
2017-03-28T01:59:25Z
Mar 28, 2017
which models of Fortigates and Firepower, if the throughput and performance for the features used are comparable then it also depend how the features are used. Using all the UTM features on all traffic/all policies will slowdown the performance to some extent.
Fortigates are good with number of features enabled at the same time, on most of the traffic. Try avoiding unwanted UTM profiles on trusted traffic (eg. any inter-server traffic streams ) to improve overall performances of the box.
I think you would have to state what your goals in asking for a solution are, if neither meet your requirements then 'better' is a moot point. Understanding what you want from a solution should tell you which solution best meets your business requirements.
System & Network Administrator at a tech services company with 11-50 employees
Real User
2017-03-27T17:45:24Z
Mar 27, 2017
Fortinet FortiGate is a better choice looking at perfomance, fortigate uses purpose-built security processors drastically boosting performance and scalability to enable the fastest network security appliance. FortiGate uses FortiAsics and these security processors are used to scale from 1 Gbps to 1 Tbps of firewall throughput independent of packet size. This technology offers the ability to run multiple security applications without degradation in performance.
However if you're planing of using AV, Email Filter, App Ctrl, IPS, WLAN Controller and more, then you should really consider having a rightly spec appliance to prevent performance issues since IPS demands high processor usage.
Network Admin at a healthcare company with 501-1,000 employees
Real User
2017-03-27T16:25:50Z
Mar 27, 2017
The Fortigate was built from the ground up as a next gen security device while the the ASA adds license features on top of its build to try to keep up with the changing security landscape, with the Firepower purchase being the latest.
Are you comfortable in the CLI? You need to be for any Cisco device.
When it comes to cost, we were able to buy two Fortigates for less than the price of one comparable ASA and setup redundancy.
The ASA is a better overall networking/VPN device trying to improve its security, while the Fortinet is a security device trying to improve its networking. As firepower develops and improves, I think the ASA will be the better overall solution. Right now, the Fortinet is ahead with more mature overall security features, but is limited with overall networking features.
I think you should look at SonicWALL'S new code 6.2.6.1-25n, it is more powerful than its competitors and also can do DPI-SSL which is the need of the hour. The Content Filtering features are simply phenomenal
Hello peers,
I work for a large computer software company.
I am currently researching Palo Alto Networks and its products. How do Palo Alto Networks' security features compare to other security vendors like Cisco?
Thank you for your help.
Information Security Manager at a financial services firm with 501-1,000 employees
Aug 1, 2023
We did a head-to-head comparison and live tested 2 pretty beefy models from each company. Palo absolutely blew Cisco out of the water. There is a major difference in a company focused on firewalls first and then migrating into complementary security technologies to integrate them to make a comprehensive security ecosystem vs another company saying they are doing the same thing, but actually just piecemealing things together. Palo has some issues, too. But their product offerings are top-notch, their roadmap is cutting edge, and overall they are building a security ecosystem that actually functions and isn't mainly marketing and sales material. It works!
Hello community,
I am a Cloud Engineer at a small tech services company.
I am currently researching firewalls. Which solution do you prefer: Palo Alto Networks PA-3410 Firewall or FortiGate 601F? What are the pros and cons of each solution?
Thank you for your help.
IT Support and Network Admin at Escuela Carlos Pereyra
Jun 5, 2023
Hi Muhammad,
You are telling us your company is small, but for choice active equipment you need to know how big the need for your client is, not yours.
And also you may discuss if you are the provider of the tech service for management (local or remote), or if you're just going to provide the equipment for some internal IT by your customer.So, there are a few questions before choosing the Router/Gateway, but if you already have an answer for all that, I'll go for Sophos XG Firewall every time, if the customer can afford it or for smaller customer Ubiquiti Edge Infinity Router.
Good luck
The short answer is it depends on what you are looking for.
FortiGates are great devices. The offer lots of features, decent and friendly UI and overall good performance, and they do it cheaper than most others. Security features and UTM are pretty good too. However, from my experience, beware of dimensioning, if you're planning to activate several of the features a FG supports (AV, IPS, WLAN Controller and such), performance can drop substantially and cause all kinds of failures, so it might be a good idea to over-dimension your hardware a bit to avoid issues.
On the other hand, I've found Cisco to be the most stable and reliable, and offer better performance of the two. They also offer better protection and Cisco Support is the best IMO. However the prices of Cisco are often higher than other vendors. ASAs are more complex so there will be a steeper learning curve for you to get going with these and the GUI (ASDM) is lacking compared to others so knowing (and loving) the CLI is a must.
In summary, go Fortinet if you're looking for decent performance, great security and easy administration at lower prices. go Cisco if you require better security, performance and reliability, and don't mind paying a little extra and spending a few more hours learning to handle them.
Hope this helps. Regards.
With a fraction of the cost , the FortiGate3600C vs. Cisco ASA5585-XSSP60 is an example of how Fortinet beats Cisco in price/performance, capacity and overall security.
To answer your question, let me ask a question first? What's your main target? Security first or Money First? In my point of view and based on my real experience:
- Fortinet is good if you need an appliance with many features such as: antispam, antivirus, url filtering, app control, firewall. It's all-in-one solution --> Fortinet is easy to use and maintanance. But its perfomance is not so good as show on datasheet, if you turn-on IPS, the performance decreases for about 40-50%, and so on... I see a bit of my customer turn-on this feature because of its reliable. For support service, Fortinet response is poor,
- Cisco Firepower: its performance is good, if you purchase all-in-one license, you will also have features like URL Filtering, App Control, IPS. The most interesting part is AMP feature, I think it better than Fortinet product. You can view gartner report about AMP. Sourcefire has many cool features such as traffic profiling, correlation, remediation, auto discovery (host, application, user). It also has IPS auto learning feature and can help to auto tunning/ apply appropriate signatures for your application. It also has DNS security feature (using OpenDNS) to help to mitigate botnet, other features like IP Intelligence, C&C, Phishing, Spam Source... For support service, Cisco is better, with faster response time and also escalate time when your issue is very critical. Forgot to mention, Firepower can do DPI-SSL inspection, and if your infrastructure has F5, it will better to get SSL Offload to F5 and get packet inspection by Firepower, it's a good combination.
So in conclusion, if you want best in price product, you can choose Cisco. If money is a big problem, Fortinet is a choice. Also Cisco has many products that can suitable for your environment (from Firepower 2000 series to 8000 series)
Rgds,
CuongVT
I see a lot of these "vendor vs vendor" questions, when it really should be a question of "solution for this size network from vendor A vs vendor B".
Cisco Next Generation firewalls use behavioral based algorithms to perform deep packet inspection. To be fair, most Next Generation firewalls have the ability to identify malicious traffic patterns. However, Cisco Open DNS is a great way to protect organizations from Ransomeware, botnets and remote access trojans. The solution is cloud based, scalable and easy to use. Cisco Open DNS blocks access to malicious websites and other compromised systems.
I would recommend Fortigate. It is easier to manage and the services which offered as UTM Bundle for IPS, AV, Anti-Spam services are excellent and it is a layer-7 firewall with very granular control of your network. The diagnose feature, packet capture and troubleshooting feature of fortigate firewall is also the best. However Cisco ASA comparitively achieves the IPS functionality through Sourcefire. The upgrade of Sourcefire takes years (Time is pretty long to do the upgrade from one version to another and it is GB sizes for a small upgrade) also the management and operational is quiet challenge in Cisco Firepower. there are alot to say for this. My choice ofcourse would be Fortinet .
Hi,
It’s tough to give a comparison without knowing what I’m comparing it with. Is there a specific Cisco Firepower model you were looking at ?
When it comes to performance between 2 vendors there are always models which can match that of the other given they stay within budget.
Cheers...
Based on Gartner Magic Quadrant and other third party evaluations. Fortinet' Fortigate consistently outperforms Cisco's Firepower. When sizing the box for performance, I would get Fortinet directly involved so you don't accidentally purchase an underpowered firewall.
Fortigate is better...
Fortigate
cisco is better on performance because it use the physical CPU that FORTINET , the last use ASIC.
which models of Fortigates and Firepower, if the throughput and performance for the features used are comparable then it also depend how the features are used. Using all the UTM features on all traffic/all policies will slowdown the performance to some extent.
Fortigates are good with number of features enabled at the same time, on most of the traffic. Try avoiding unwanted UTM profiles on trusted traffic (eg. any inter-server traffic streams ) to improve overall performances of the box.
I think you would have to state what your goals in asking for a solution are, if neither meet your requirements then 'better' is a moot point. Understanding what you want from a solution should tell you which solution best meets your business requirements.
Fortinet FortiGate is a better choice looking at perfomance, fortigate uses purpose-built security processors drastically boosting performance and scalability to enable the fastest network security appliance. FortiGate uses FortiAsics and these security processors are used to scale from 1 Gbps to 1 Tbps of firewall throughput independent of packet size. This technology offers the ability to run multiple security applications without degradation in performance.
However if you're planing of using AV, Email Filter, App Ctrl, IPS, WLAN Controller and more, then you should really consider having a rightly spec appliance to prevent performance issues since IPS demands high processor usage.
The Fortigate was built from the ground up as a next gen security device while the the ASA adds license features on top of its build to try to keep up with the changing security landscape, with the Firepower purchase being the latest.
Are you comfortable in the CLI? You need to be for any Cisco device.
When it comes to cost, we were able to buy two Fortigates for less than the price of one comparable ASA and setup redundancy.
The ASA is a better overall networking/VPN device trying to improve its security, while the Fortinet is a security device trying to improve its networking. As firepower develops and improves, I think the ASA will be the better overall solution. Right now, the Fortinet is ahead with more mature overall security features, but is limited with overall networking features.
I think you should look at SonicWALL'S new code 6.2.6.1-25n, it is more powerful than its competitors and also can do DPI-SSL which is the need of the hour. The Content Filtering features are simply phenomenal