IT Central Station is now PeerSpot: Here's why

Cisco WSA vs. Fortinet FortiGate - which should we choose?

How do Cisco WSA and FortiGate compare? What are the main differences?

PeerSpot user
1212 Answers

it_user109461 - PeerSpot reviewer

I have been using Fortinet for over 6 years and I am very pleased. We are a small Enterprise of ~600 employees. Recently we purchased Firewalls for two new sites and I went through the RFQ process to determine which firewall to get. We looked at Cisco ASA-X, Fortinet, and Palo Alto. Spec for Spec the Fortinet kills Cisco. For pricing the Fortinet again wins.

The one thing that is lacking in the Fortinet is easy central management for a small number of firewalls. I have 5 Firewall units to manage.. Cisco has this as part of their Prime Console. Fortinet has a Central console but it is focused more on managing 100's of firewalls. Very much overkill.

The Palo Alto looked very good and I was tempted but the pricing was the killer.

What tipped it for us was integration with our existing Fortinet units, much better spec, and MUCH better pricing. I have been very pleased with the units and the new FortiOS 5.2 is great.

One advantage of Cisco is getting consultant help with anything Cisco. It is a lot harder to find a competent Fortinet Firewall consultant.

it_user165153 - PeerSpot reviewer

This article has 10 reasons in favor of Fortinet, I would recommend them but I am not very familiar with Cisco's solution.

it_user72054 - PeerSpot reviewer

My tech staff replied: WSA is a content filter not a firewall, Unless the question is about the content filtering aspect of the Fortigate, I will assume that the person meant the Cisco ASA firewall. However even that comparison is difficult without model # as both have numerous models that differ greatly in performance and features. We would add that the comparison is incomplete without including SonicWALL in the SMB to Mid-Level space and Palo Alto in the Enterprise space. The reason is as follows:

SonicWALL excels over the ASA as far as the UTM functions Cisco’s ASA struggles with zero-day protection
SonicWALL excels over the Fortigate as far as the ease of setup and support goes.

Palo-Alto excels over the ASA for the same reason the SonicWALL does
Palo-Alto excels over Fortigate in the way it reports and frankly it is number one in, visibility and proactive defense, really Fortigate is not in the same league a more fair comparison would be to Check Point or Juniper.

If they are really looking to compare the WSA it would be better to compare it to the Barracuda Web Filter or Trustwave’s Web Filter

it_user198477 - PeerSpot reviewer

For features and performance Fortinet really is gaining market share from the likes of Juniper as well as Cisco. They are less expensive than PANW, with more throughput although less of a well rounded product. Specifically the Fortigate does not do well in comparison in routing/networking support as other platforms like PANW or the Juniper SRX. For a security focused deployment though you get the most for your money. I do second the criticism of the support available though. I'm used to the standard provided by Cisco, Juniper, PANW and Checkpoint for support and community documentation. After supporting clients on Fortigate 3.0-5.x for the last five years, I feel that Fortinet remains inadequate in comparison of support/documentation.

it_user180876 - PeerSpot reviewer

For a small to medium size organization I prefer Fortigate, because Its UTM features are really impressive and works well, also it is cost effective as compare to Cisco. Fortigate is user friendly you can say, so you can configure most of the things very easily.
But for Enterprise setup if you go for Cisco it will be good because its reliable and trust worthy.

it_user182265 - PeerSpot reviewer

Take a look at a new Cloud based service from Check Point:

Works very well with existing premise based security gateways from any vendor. You may not need to upgrade your FW at all

it_user79791 - PeerSpot reviewer

Today hardware firewalls offer many additional sevices and Cisco, Fortinet, Sophos, Barracuda, Palo Alto fight on equal terms...but why only hardware-based firewall ? Have you thought of a pure firewall combined with a protective web of higher level as OpenDNS umbrella ? No Cpu load problem, superior Web control...simple manage and control ....think about it !

it_user184158 - PeerSpot reviewer

Cisco WSA combined with ASA/Firepower would be a more comparable functionality comparison with Fortigate. If you are only looking for proxy, the direct competition with WSA is Bluecoat or Websense. On the other hand, if you are all Cisco shop and deployed ISE, then stick with WSA. Not knowing your requirements makes this a blind recommendation.

I agree with Blair, from a price/performance standpoint Fortinet offers best value when looking for NGFW/UTM.

it_user108681 - PeerSpot reviewer

Comparing those listed devices can not be done until there is an understanding of the business needs of the organisation.

They are different things.

One is a firewall that does primary data rate limiting and a little security.

The Cisco thing is a web proxy. To help prevent some virus penetration into the enterprise and to apply an acceptable use policy for the enterprise.

Very different use cases.

it_user189369 - PeerSpot reviewer

Don't ever go with Fortigate which we have terrible experiences.

Vinod Shankar - PeerSpot reviewer

Gartner Magic Q for 2014 actually lists both Cisco and FortiGate as
Challengers with FortiGate scoring better than Cisco.
Cisco ASA has been the mainstay of Enterprise Firewalls for a long time,
however, compared to the amount of features Firewalls flaunt today, Cisco
ASA lags severely. One of the main benefits of Cisco firewall is that it
gets the job done as a firewall nothing more. Their management console is
outdated, the features are minimal, and in enterprise their performance is
not up to the mark. However, the reputation of Cisco and its wide ranging
Support makes this firewall a mainstay in Enterprises still. But they are
slowly losing the game when compared to leaders like Checkpoint and
Juniper, Palo Alto etc.

FortiGate, on the other hand has really impressed the SMB segment with
their UTM offering which comes at a cheaper price than Cisco, however, when
it comes to enterprise class performance, FortiGate lacks a lot compared to
Cisco. The support and reliability is also not up to the class as Cisco.

In short, If you want a better featured and value for money firewall, go
for FortiGate, but if you want the old but trusted Firewall, go to Cisco.

it_user170481 - PeerSpot reviewer

Can you please specify the model?

Buyer's Guide
July 2022
Find out what your peers are saying about Fortinet, Netgate, Check Point and others in Firewalls. Updated: July 2022.
620,319 professionals have used our research since 2012.