Hi community members,
I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost.
Is this the right thing to do? What would be your advice? Please elaborate.
Thank you for your help!
IT Support and Network Admin at Escuela Carlos Pereyra
09 May 22
Hi @Isaiah Dominic,
I have a few questions:Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?Both devices are good enough.I expect this could help you,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and the Firepower engine which provides good application visibility and control. Cisco ASA gives you full details, traffic monitoring, and threat monitoring. Cisco ASA has very solid encryption and multi-factor authentication. This solution is a great option to enable work-from-home options seamlessly.
The front-end configuration with Cisco ASA can be tough, though - there are too many steps in this process. It would also be better if there was a clear view of the integrations and the easiest way to complete them. In inexperienced hands, the Cisco ASA interface can be pretty daunting. An improved GUI would make this product much more user-friendly and competitive with other products. This solution can also be very expensive.
In the security technology space, Cisco Firepower NGFW Firewall is one of the fastest, if not the fastest. This gives us confidence in knowing that the moment an attack comes online, we will be protected immediately. We also like the intrusion policy that Cisco Firepower NGFW Firewall provides. We are able to see active users vs. inactive users, which has helped increase productivity through visibility. We get proactive notifications if there are issues with our throughput. If you know your way around the Cisco ecosystem, things can be pretty simple to set up and manage.
Deployment with Cisco Firepower NGFW Firewall takes too long, though. Other products are much faster. Additionally, when you have too many IPS rules, it slows down and impacts overall performance. Cisco Firepower NGFW Firewall does not have email security, and this is an important function we would like to see added with future upgrades.
These are both amazing products and in some situations, we have these two solutions working together. Overall, we found Cisco Firepower NGFW Firewall to have better flexibility and more granular access control. Cisco Firepower NGFW Firewall has some great micro-segmentations functionalities with regard to east-west and north-south traffic control, which is exactly what we wanted.
Small and big organizations often face targeted attacks. APT groups improve the quality of their operations, causing more serious damage. Timely detection and response, training of personnel, advanced training of information security department employees help reduce the risks associated with targeted attacks.
The growth dynamics of APT (Advanced Persistent Threat) attacks has been declinin...