I have been using Fortinet for over 6 years and I am very pleased. We are a small Enterprise of ~600 employees. Recently we purchased Firewalls for two new sites and I went through the RFQ process to determine which firewall to get. We looked at Cisco ASA-X, Fortinet, and Palo Alto. Spec for Spec the Fortinet kills Cisco. For pricing the Fortinet again wins.
The one thing that is lacking in the Fortinet is easy central management for a small number of firewalls. I have 5 Firewall units to manage.. Cisco has this as part of their Prime Console. Fortinet has a Central console but it is focused more on managing 100's of firewalls. Very much overkill.
The Palo Alto looked very good and I was tempted but the pricing was the killer.
What tipped it for us was integration with our existing Fortinet units, much better spec, and MUCH better pricing. I have been very pleased with the units and the new FortiOS 5.2 is great.
One advantage of Cisco is getting consultant help with anything Cisco. It is a lot harder to find a competent Fortinet Firewall consultant.
This article has 10 reasons in favor of Fortinet, I would recommend them but I am not very familiar with Cisco's solution.
My tech staff replied: WSA is a content filter not a firewall, Unless the question is about the content filtering aspect of the Fortigate, I will assume that the person meant the Cisco ASA firewall. However even that comparison is difficult without model # as both have numerous models that differ greatly in performance and features. We would add that the comparison is incomplete without including SonicWALL in the SMB to Mid-Level space and Palo Alto in the Enterprise space. The reason is as follows:
SonicWALL excels over the ASA as far as the UTM functions Cisco’s ASA struggles with zero-day protection
SonicWALL excels over the Fortigate as far as the ease of setup and support goes.
Palo-Alto excels over the ASA for the same reason the SonicWALL does
Palo-Alto excels over Fortigate in the way it reports and frankly it is number one in, visibility and proactive defense, really Fortigate is not in the same league a more fair comparison would be to Check Point or Juniper.
If they are really looking to compare the WSA it would be better to compare it to the Barracuda Web Filter or Trustwave’s Web Filter
For features and performance Fortinet really is gaining market share from the likes of Juniper as well as Cisco. They are less expensive than PANW, with more throughput although less of a well rounded product. Specifically the Fortigate does not do well in comparison in routing/networking support as other platforms like PANW or the Juniper SRX. For a security focused deployment though you get the most for your money. I do second the criticism of the support available though. I'm used to the standard provided by Cisco, Juniper, PANW and Checkpoint for support and community documentation. After supporting clients on Fortigate 3.0-5.x for the last five years, I feel that Fortinet remains inadequate in comparison of support/documentation.
For a small to medium size organization I prefer Fortigate, because Its UTM features are really impressive and works well, also it is cost effective as compare to Cisco. Fortigate is user friendly you can say, so you can configure most of the things very easily.
But for Enterprise setup if you go for Cisco it will be good because its reliable and trust worthy.
Today hardware firewalls offer many additional sevices and Cisco, Fortinet, Sophos, Barracuda, Palo Alto fight on equal terms...but why only hardware-based firewall ? Have you thought of a pure firewall combined with a protective web of higher level as OpenDNS umbrella ? No Cpu load problem, superior Web control...simple manage and control ....think about it !
Cisco WSA combined with ASA/Firepower would be a more comparable functionality comparison with Fortigate. If you are only looking for proxy, the direct competition with WSA is Bluecoat or Websense. On the other hand, if you are all Cisco shop and deployed ISE, then stick with WSA. Not knowing your requirements makes this a blind recommendation.
I agree with Blair, from a price/performance standpoint Fortinet offers best value when looking for NGFW/UTM.
Gartner Magic Q for 2014 actually lists both Cisco and FortiGate as
Challengers with FortiGate scoring better than Cisco.
Cisco ASA has been the mainstay of Enterprise Firewalls for a long time,
however, compared to the amount of features Firewalls flaunt today, Cisco
ASA lags severely. One of the main benefits of Cisco firewall is that it
gets the job done as a firewall nothing more. Their management console is
outdated, the features are minimal, and in enterprise their performance is
not up to the mark. However, the reputation of Cisco and its wide ranging
Support makes this firewall a mainstay in Enterprises still. But they are
slowly losing the game when compared to leaders like Checkpoint and
Juniper, Palo Alto etc.
FortiGate, on the other hand has really impressed the SMB segment with
their UTM offering which comes at a cheaper price than Cisco, however, when
it comes to enterprise class performance, FortiGate lacks a lot compared to
Cisco. The support and reliability is also not up to the class as Cisco.
In short, If you want a better featured and value for money firewall, go
for FortiGate, but if you want the old but trusted Firewall, go to Cisco.
At the moment, we are evaluating a solution where tunnel concentrators are going to be in virtual machines. And despite the fact where we should go in terms of technology, space, payment model and everything, this solution is something new in the company.
So, we're looking for any pr... Read More »