I have been using Fortinet for over 6 years and I am very pleased. We are a small Enterprise of ~600 employees. Recently we purchased Firewalls for two new sites and I went through the RFQ process to determine which firewall to get. We looked at Cisco ASA-X, Fortinet, and Palo Alto. Spec for Spec the Fortinet kills Cisco. For pricing the Fortinet again wins.
The one thing that is lacking in the Fortinet is easy central management for a small number of firewalls. I have 5 Firewall units to manage.. Cisco has this as part of their Prime Console. Fortinet has a Central console but it is focused more on managing 100's of firewalls. Very much overkill.
The Palo Alto looked very good and I was tempted but the pricing was the killer.
What tipped it for us was integration with our existing Fortinet units, much better spec, and MUCH better pricing. I have been very pleased with the units and the new FortiOS 5.2 is great.
One advantage of Cisco is getting consultant help with anything Cisco. It is a lot harder to find a competent Fortinet Firewall consultant.
Business Development Staff at a tech consulting company with 51-200 employees
Consultant
Top 20
Feb 25, 2015
My tech staff replied: WSA is a content filter not a firewall, Unless the question is about the content filtering aspect of the Fortigate, I will assume that the person meant the Cisco ASA firewall. However even that comparison is difficult without model # as both have numerous models that differ greatly in performance and features. We would add that the comparison is incomplete without including SonicWALL in the SMB to Mid-Level space and Palo Alto in the Enterprise space. The reason is as follows:
SonicWALL excels over the ASA as far as the UTM functions Cisco’s ASA struggles with zero-day protection
SonicWALL excels over the Fortigate as far as the ease of setup and support goes.
Palo-Alto excels over the ASA for the same reason the SonicWALL does
Palo-Alto excels over Fortigate in the way it reports and frankly it is number one in, visibility and proactive defense, really Fortigate is not in the same league a more fair comparison would be to Check Point or Juniper.
If they are really looking to compare the WSA it would be better to compare it to the Barracuda Web Filter or Trustwave’s Web Filter
Manager of Product Development/Professional Services/24x7 Support at a tech services company
Consultant
Feb 23, 2015
For features and performance Fortinet really is gaining market share from the likes of Juniper as well as Cisco. They are less expensive than PANW, with more throughput although less of a well rounded product. Specifically the Fortigate does not do well in comparison in routing/networking support as other platforms like PANW or the Juniper SRX. For a security focused deployment though you get the most for your money. I do second the criticism of the support available though. I'm used to the standard provided by Cisco, Juniper, PANW and Checkpoint for support and community documentation. After supporting clients on Fortigate 3.0-5.x for the last five years, I feel that Fortinet remains inadequate in comparison of support/documentation.
Engineer at a tech services company with 51-200 employees
Consultant
Feb 18, 2015
For a small to medium size organization I prefer Fortigate, because Its UTM features are really impressive and works well, also it is cost effective as compare to Cisco. Fortigate is user friendly you can say, so you can configure most of the things very easily.
But for Enterprise setup if you go for Cisco it will be good because its reliable and trust worthy.
Network Admin at a tech consulting company with 51-200 employees
Consultant
Feb 17, 2015
Today hardware firewalls offer many additional sevices and Cisco, Fortinet, Sophos, Barracuda, Palo Alto fight on equal terms...but why only hardware-based firewall ? Have you thought of a pure firewall combined with a protective web of higher level as OpenDNS umbrella ? No Cpu load problem, superior Web control...simple manage and control ....think about it !
Cisco WSA combined with ASA/Firepower would be a more comparable functionality comparison with Fortigate. If you are only looking for proxy, the direct competition with WSA is Bluecoat or Websense. On the other hand, if you are all Cisco shop and deployed ISE, then stick with WSA. Not knowing your requirements makes this a blind recommendation.
I agree with Blair, from a price/performance standpoint Fortinet offers best value when looking for NGFW/UTM.
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Real User
Feb 17, 2015
Gartner Magic Q for 2014 actually lists both Cisco and FortiGate as
Challengers with FortiGate scoring better than Cisco.
Cisco ASA has been the mainstay of Enterprise Firewalls for a long time,
however, compared to the amount of features Firewalls flaunt today, Cisco
ASA lags severely. One of the main benefits of Cisco firewall is that it
gets the job done as a firewall nothing more. Their management console is
outdated, the features are minimal, and in enterprise their performance is
not up to the mark. However, the reputation of Cisco and its wide ranging
Support makes this firewall a mainstay in Enterprises still. But they are
slowly losing the game when compared to leaders like Checkpoint and
Juniper, Palo Alto etc.
FortiGate, on the other hand has really impressed the SMB segment with
their UTM offering which comes at a cheaper price than Cisco, however, when
it comes to enterprise class performance, FortiGate lacks a lot compared to
Cisco. The support and reliability is also not up to the class as Cisco.
In short, If you want a better featured and value for money firewall, go
for FortiGate, but if you want the old but trusted Firewall, go to Cisco.
Firewalls serve as essential network security devices designed to monitor incoming and outgoing traffic, establishing a barrier between trusted and untrusted networks to protect against cyber threats. Firewalls, critically important in IT infrastructure, offer a range of security features that include packet filtering, stateful inspection, and proxy service. They are used extensively to define policies that allow or block traffic, playing a crucial role in preventing unauthorized access....
I have been using Fortinet for over 6 years and I am very pleased. We are a small Enterprise of ~600 employees. Recently we purchased Firewalls for two new sites and I went through the RFQ process to determine which firewall to get. We looked at Cisco ASA-X, Fortinet, and Palo Alto. Spec for Spec the Fortinet kills Cisco. For pricing the Fortinet again wins.
The one thing that is lacking in the Fortinet is easy central management for a small number of firewalls. I have 5 Firewall units to manage.. Cisco has this as part of their Prime Console. Fortinet has a Central console but it is focused more on managing 100's of firewalls. Very much overkill.
The Palo Alto looked very good and I was tempted but the pricing was the killer.
What tipped it for us was integration with our existing Fortinet units, much better spec, and MUCH better pricing. I have been very pleased with the units and the new FortiOS 5.2 is great.
One advantage of Cisco is getting consultant help with anything Cisco. It is a lot harder to find a competent Fortinet Firewall consultant.
This article has 10 reasons in favor of Fortinet, I would recommend them but I am not very familiar with Cisco's solution.
www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall
My tech staff replied: WSA is a content filter not a firewall, Unless the question is about the content filtering aspect of the Fortigate, I will assume that the person meant the Cisco ASA firewall. However even that comparison is difficult without model # as both have numerous models that differ greatly in performance and features. We would add that the comparison is incomplete without including SonicWALL in the SMB to Mid-Level space and Palo Alto in the Enterprise space. The reason is as follows:
SonicWALL excels over the ASA as far as the UTM functions Cisco’s ASA struggles with zero-day protection
SonicWALL excels over the Fortigate as far as the ease of setup and support goes.
Palo-Alto excels over the ASA for the same reason the SonicWALL does
Palo-Alto excels over Fortigate in the way it reports and frankly it is number one in, visibility and proactive defense, really Fortigate is not in the same league a more fair comparison would be to Check Point or Juniper.
If they are really looking to compare the WSA it would be better to compare it to the Barracuda Web Filter or Trustwave’s Web Filter
For features and performance Fortinet really is gaining market share from the likes of Juniper as well as Cisco. They are less expensive than PANW, with more throughput although less of a well rounded product. Specifically the Fortigate does not do well in comparison in routing/networking support as other platforms like PANW or the Juniper SRX. For a security focused deployment though you get the most for your money. I do second the criticism of the support available though. I'm used to the standard provided by Cisco, Juniper, PANW and Checkpoint for support and community documentation. After supporting clients on Fortigate 3.0-5.x for the last five years, I feel that Fortinet remains inadequate in comparison of support/documentation.
For a small to medium size organization I prefer Fortigate, because Its UTM features are really impressive and works well, also it is cost effective as compare to Cisco. Fortigate is user friendly you can say, so you can configure most of the things very easily.
But for Enterprise setup if you go for Cisco it will be good because its reliable and trust worthy.
Take a look at a new Cloud based service from Check Point:
capsule.checkpoint.com/
Works very well with existing premise based security gateways from any vendor. You may not need to upgrade your FW at all
Today hardware firewalls offer many additional sevices and Cisco, Fortinet, Sophos, Barracuda, Palo Alto fight on equal terms...but why only hardware-based firewall ? Have you thought of a pure firewall combined with a protective web of higher level as OpenDNS umbrella ? No Cpu load problem, superior Web control...simple manage and control ....think about it !
Cisco WSA combined with ASA/Firepower would be a more comparable functionality comparison with Fortigate. If you are only looking for proxy, the direct competition with WSA is Bluecoat or Websense. On the other hand, if you are all Cisco shop and deployed ISE, then stick with WSA. Not knowing your requirements makes this a blind recommendation.
I agree with Blair, from a price/performance standpoint Fortinet offers best value when looking for NGFW/UTM.
Comparing those listed devices can not be done until there is an understanding of the business needs of the organisation.
They are different things.
One is a firewall that does primary data rate limiting and a little security.
The Cisco thing is a web proxy. To help prevent some virus penetration into the enterprise and to apply an acceptable use policy for the enterprise.
Very different use cases.
Don't ever go with Fortigate which we have terrible experiences.
Gartner Magic Q for 2014 actually lists both Cisco and FortiGate as
Challengers with FortiGate scoring better than Cisco.
Cisco ASA has been the mainstay of Enterprise Firewalls for a long time,
however, compared to the amount of features Firewalls flaunt today, Cisco
ASA lags severely. One of the main benefits of Cisco firewall is that it
gets the job done as a firewall nothing more. Their management console is
outdated, the features are minimal, and in enterprise their performance is
not up to the mark. However, the reputation of Cisco and its wide ranging
Support makes this firewall a mainstay in Enterprises still. But they are
slowly losing the game when compared to leaders like Checkpoint and
Juniper, Palo Alto etc.
FortiGate, on the other hand has really impressed the SMB segment with
their UTM offering which comes at a cheaper price than Cisco, however, when
it comes to enterprise class performance, FortiGate lacks a lot compared to
Cisco. The support and reliability is also not up to the class as Cisco.
In short, If you want a better featured and value for money firewall, go
for FortiGate, but if you want the old but trusted Firewall, go to Cisco.
Can you please specify the model?