Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
  • 1
  • 99

How does Cisco's ASA firewall compare with the Firepower NGFW?

Which is better and why?

PeerSpot user
1 Answer
Top 5
Nov 4, 2021

It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and the Firepower engine which provides good application visibility and control. Cisco ASA gives you full details, traffic monitoring, and threat monitoring. Cisco ASA has very solid encryption and multi-factor authentication. This solution is a great option to enable work-from-home options seamlessly.

The front-end configuration with Cisco ASA can be tough, though - there are too many steps in this process. It would also be better if there was a clear view of the integrations and the easiest way to complete them. In inexperienced hands, the Cisco ASA interface can be pretty daunting. An improved GUI would make this product much more user-friendly and competitive with other products. This solution can also be very expensive.

In the security technology space, Cisco Firepower NGFW Firewall is one of the fastest, if not the fastest. This gives us confidence in knowing that the moment an attack comes online, we will be protected immediately. We also like the intrusion policy that Cisco Firepower NGFW Firewall provides. We are able to see active users vs. inactive users, which has helped increase productivity through visibility. We get proactive notifications if there are issues with our throughput. If you know your way around the Cisco ecosystem, things can be pretty simple to set up and manage.

Deployment with Cisco Firepower NGFW Firewall takes too long, though. Other products are much faster. Additionally, when you have too many IPS rules, it slows down and impacts overall performance. Cisco Firepower NGFW Firewall does not have email security, and this is an important function we would like to see added with future upgrades.


These are both amazing products and in some situations, we have these two solutions working together. Overall, we found Cisco Firepower NGFW Firewall to have better flexibility and more granular access control. Cisco Firepower NGFW Firewall has some great micro-segmentations functionalities with regard to east-west and north-south traffic control, which is exactly what we wanted.

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.
Search for a product comparison
Related Questions
Steve Chiyenda - PeerSpot reviewer
IT Supervisor at Blantyre Netting Company Limited
May 20, 2022
Hi peers, A week ago I lost my data through the malware from which I failed to recover as the file got corrupted.  Now, I want to work with a firewall and so am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
2 out of 3 answers
Bennett Gomonda - PeerSpot reviewer
Pre-Sales Support Engineer at Skyband Corporation
May 18, 2022
I prefer Sophos. I find it easy to use and it has better features on malware and threat management.
Carlos Roberto Da Silva - PeerSpot reviewer
Pre-Sales Director at 4 IT Solution
May 19, 2022
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.  Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.
User at Zm3
May 15, 2022
Hi community members, I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost. Is this the right thing to do? What would be your advice? Please elaborate. Thank you for your help!
2 out of 8 answers
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
May 9, 2022
Hi @Isaiah Dominic, ​I have a few questions:Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?  If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?Both devices are good enough.I expect this could help you,  Good luck!
DanielValente - PeerSpot reviewer
Head of Platforms and Infrastructure at LOQR
May 9, 2022
Hi,  You are comparing a piece of old equipment with a true next-gen firewall.  Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.  But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Download Free Report
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.