How does Cisco's ASA firewall compare with the Firepower NGFW?

Which is better and why?

Content Manager at PeerSpot (formerly IT Central Station)
PeerSpot user
1 Answer
Top 5
Nov 4, 2021

It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and the Firepower engine which provides good application visibility and control. Cisco ASA gives you full details, traffic monitoring, and threat monitoring. Cisco ASA has very solid encryption and multi-factor authentication. This solution is a great option to enable work-from-home options seamlessly.

The front-end configuration with Cisco ASA can be tough, though - there are too many steps in this process. It would also be better if there was a clear view of the integrations and the easiest way to complete them. In inexperienced hands, the Cisco ASA interface can be pretty daunting. An improved GUI would make this product much more user-friendly and competitive with other products. This solution can also be very expensive.

In the security technology space, Cisco Firepower NGFW Firewall is one of the fastest, if not the fastest. This gives us confidence in knowing that the moment an attack comes online, we will be protected immediately. We also like the intrusion policy that Cisco Firepower NGFW Firewall provides. We are able to see active users vs. inactive users, which has helped increase productivity through visibility. We get proactive notifications if there are issues with our throughput. If you know your way around the Cisco ecosystem, things can be pretty simple to set up and manage.

Deployment with Cisco Firepower NGFW Firewall takes too long, though. Other products are much faster. Additionally, when you have too many IPS rules, it slows down and impacts overall performance. Cisco Firepower NGFW Firewall does not have email security, and this is an important function we would like to see added with future upgrades.


These are both amazing products, and in some situations, we have these two solutions working together. Overall, we found Cisco Firepower NGFW Firewall to have better flexibility and more granular access control. Cisco Firepower NGFW Firewall has some great micro-segmentation functionalities with regard to east-west and north-south traffic control, which is exactly what we wanted.

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
710,326 professionals have used our research since 2012.
Related Questions
Jitender Joshi - PeerSpot reviewer
AVP : Technology Solutions Group at Pramerica
Jan 20, 2023
Hi peers, I am an AVP at a large insurance company. I am currently researching firewalls. What are the benefits of Fortinet FortiGate 400E versus Cisco ASA 5525? Which product do you prefer and why? Thank you for your help.
See 1 answer
Technology Services Director at a tech services company with 11-50 employees
Jan 20, 2023
Purely from datasheet numbers, the Fortinet 400E unit has much higher performance in most dimensions than the 5525-X appliance, but you'd need to have some specific use cases and metrics in mind to know if that applies to you. If the key metric is bang for the buck, Fortinet usually wins until vendors start applying extra discounts to level the playing field. Also, the 400E has been superseded by the 400F, using a newer ASIC to effectively double most performance metrics; I suggest you have a look at the data sheets for that versus the current Cisco unit. As an engineer, I find the Fortinet units much more interoperable, whereas Cisco tends to encourage the adoption of their Cisco-proprietary solutions, as part of a single-vendor fabric. Also, for more junior admins, Cisco is a CLI-first solution and always has been, with ASDM feeling bolted on afterward, whereas Fortinet has a pretty good GUI in recent years, and only requires CLI for more esoteric features. The Cisco solution is always going to be a better fit if you want to know which solution your Cisco-trained engineers and admins need to best complement your Cisco routers, Cisco switches, Cisco WLC, and Cisco ISE. If you want throughput or port count for segregation, or a security-focused vendor with a more open feature set, Fortinet might be a better choice in my opinion.
Steve Chiyenda - PeerSpot reviewer
IT Supervisor at Blantyre Netting Company Limited
May 20, 2022
Hi peers, A week ago, I lost my data through malware, from which I failed to recover as the file got corrupted. Now, I want to work with a firewall, so I am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
2 out of 3 answers
Bennett Gomonda - PeerSpot reviewer
Pre-Sales Support Engineer at Skyband Corporation
May 18, 2022
I prefer Sophos. I find it easy to use and it has better features on malware and threat management.
Carlos Roberto Da Silva - PeerSpot reviewer
Pre-Sales Director at 4 IT Solution
May 19, 2022
I recommend Sophos XGS firewall. It will offer the best solution for malware protection. Also, I recommend Sophos CIXA with XDR (Sophos Endpoint), so you can use Synchronized Security.