2019-12-09T07:06:00Z

What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?

I work for an IT company that provides the latest End-to-End ICT integrated solutions. We are currently evaluating Cisco Firepower NGFW and Fortinet FortiGate. 

What would you say are the biggest differences between the two? Which would you recommend? 

Thanks for your help! I appreciate it. 

it_user1241577 - PeerSpot reviewer
User at a tech company with 11-50 employees
11 Answers
RB
Networking Security Expert at SR Technologies
User
Top 10
2022-03-31T01:07:49Z
Mar 31, 2022

If you need a performance appliance, Cisco is not the one. Once you start adding policies, IPS and others, it chokes.

Fortinet has custom semiconductors that can handle hardware with a tremendous amount of efficiency compared to anyone else.

I am a Cisco Academy trainer and unfortunately, I would use Fortinet any time. I even have one at home. Cisco is well known for routers and I cannot fault that, but that is the extent I would comment.

Real User
2022-03-29T15:53:05Z
Mar 29, 2022

We are partners of both products and we understand that the decision goes on the side of the security strategy that they want to follow, because if the driver is simplicity and also a comprehensive solution, Fortinet is by far what you should take. Now, if we lower the price strategy, Fortinet is also cost efficient, but if your strategy only focuses on securing a perimeter which is going to stay in that condition for a very long time without being integrated into another Cisco solution, it is still a valid option.

DH
Senior Vice President at a transportation company with 51-200 employees
Real User
2019-12-11T20:14:08Z
Dec 11, 2019

Firepower requires significant systems to sit adjacent to an ASA to support IPS and other aspects of the solution. FortiGate does not require a significant investment in systems and offers a number of cloud-based options to move to a near turn-key solution. In addition, VPN implementation and other tools and instrumentation fit well within a comprehensive compliance solution including various scanners.

In my opinion, the entry price point for the two solutions and the ongoing manageability of the platform tip the scale heavily in Fortinet’s corner. I tend to prefer systems that appear in Gartner’s upper right quadrant and in my opinion, Cisco has to play significant “catch up” and has significantly improved in the last 24 months but they are still behind.

PF
Account Director at a tech services company with 51-200 employees
User
2019-12-09T22:32:35Z
Dec 9, 2019

We are partners for both products and as a security practice, we recommend Fortinet over Cisco for security. Fortinet offers improved security efficacy, performance, and cost. Cisco has dropped off badly in analysts' reports recently and we hardly see them in serious security conversations on this side of the world.

TE
CTO at Secure Networkers
Real User
2019-12-09T20:04:16Z
Dec 9, 2019

The FortiGate is a good firewall for the price. Out of the box, it runs great. As time progresses, nine months/one year into the updates it isn't running as well. I think overall it is still okay for the most part. Price is big for many customers and the FortiGate is a good value. The Cisco FTD or ASA w/Firepower is also a good firewall. The FTD has quite a bit of compute and resources. The Snort engine does a good job of identifying traffic and flagging traffic that needs more analysis. The ASA functions run as virtual on the ASA as Lina. So all your Site-to-Site VPN and AnyConnect work from this side of the firewall. The ASA with Firepower is almost a legacy firewall that isn't as fast as the FTD but it still gets the job done. Unless you need the legacy connections I would go the FTD route. The ASA architecture of hardware is going the route of the FTD. Once the AnyConnect was added to FTD it is the way to go. The real value comes in the integration with all the other Cisco products. Umbrella, AMP4Endpoint, ISE, Stealthwatch, and Cloudlock all integrate directly with the Cisco Firepower NGFW to give you visibility with Cisco Threat Response. Honestly, with the right API, you can get the same integration with the FortiGate. I would say that with the right ordering schedule you can get a bundled package that is pretty price competitive.

Another consideration is what are you replacing when you are putting this firewall in? Make sure that you are getting the right throughput solution that can handle the traffic. Cisco CDO makes migration fairly easy if you are migrating old ASAs. If you are replacing a FortiGate it might be best to stay in that direction.

If you are going to be managing all of these firewalls and keeping them updated I would not hesitate to go the Cisco FTD route. Using Cisco Threat Response operationalizes security management.

JR
IT Support Engineer at odak bilisim
Real User
2019-12-10T11:06:49Z
Dec 10, 2019

FortiGate interface and features are easier to set up and manage.

ML
Network Cooperations at STEVENSON ASTROSAT LIMITED
Real User
2019-12-10T09:59:46Z
Dec 10, 2019

Regretfully, I have no in-hand experience on either specific firewall.

I can only comment that Fortinet remains one of the fore-bearers in Firewall technology and Cisco Meraki has the corporate backup of Cisco.

We have a Meraki MX series Firewall and, to date, it has covered our needs comprehensively. It does tend to lend itself more towards full integration of Meraki devices throughout the network, e.g. Peer to Peer VPNs, but hybrid networks still function well, albeit a little more complicated to set up.

Either supplier will not let your client down as both are reliable vendors. I would advise your client to list the important elements of NGFW for their network and compare these. If these comparisons are balanced, and I suspect that support is equivalent from both vendors then it's down to cost.

VR
Senior Network Engineer at a tech services company with 5,001-10,000 employees
Real User
2019-12-10T09:40:04Z
Dec 10, 2019

I was in exactly your shoes a few months back. We made the decision to go with FortiGate for a few reasons:

1. The price was a no-brainer. Cisco NGFW is also (in my opinion) miles behind what some of the firewalls can do nowadays.

2. The throughput of the firewall: I chose to go with the 501-E model of the FortiGates. It has 2x 10G interfaces and a total throughput of about 30Gbps I think (don’t quote me on this).

3. Ease of configuration: The FortiGates are one of the easiest firewalls to configure. They do have their own bugs but if you find a stable release, you’d be very satisfied with these firewalls.

I would still prefer a Palo Alto over a Fortinet firewall but they will come at a huge price tag!

Kehinde Bankole - PeerSpot reviewer
Manager IP Network Security Planning at MTN
Real User
Top 10
2019-12-10T09:38:03Z
Dec 10, 2019

The biggest difference is the ease of use and deployment.

Fortinet has a simple user interface and they seem to have a better UI/UX design than Cisco.

While Cisco is also a market leader and good with firewalling technologies, the ease of use is not there. This is coming from someone that started learning with Cisco products.

RB
Networking Security Expert at SR Technologies
User
Top 10
Mar 31, 2022

@reviewer1171122 I am a Cisco Academy Trainer. I would not use ASA and Java, simple as that. Fortinet's most important feature, as many others, lies in that it is the only thing in the market that has ASIC chips (semiconductors) that can handle traffic and inspection. It does not rely on its CPU so it does not choke when lots of policies are being added. I have an FGT40 at home and the CPU is idling at 1 per cent. I do have VoIP IP BX and mail servers and attacks galore, still holds. I had an ASA 5506 and got rid of it in 2 weeks. Had enough.

RB
Networking Security Expert at SR Technologies
User
Top 10
2019-12-10T07:43:19Z
Dec 10, 2019

I am not going to mention the price because, at the end of the day, the price of something cheap turns very expensive.

I had a Cisco ASA and got fed up. That Java interface, that extra module for IPS, it was a total headache.

Fortinet has spent serious money with ASIC (Application Specific Integrated Circuits) chips so the hardware can take care and leave the CPU at low revs. The interface is great and that Java disaster goes, but regardless of that the efficiency and real protection, well see NSLABS reports, nothing more to say.

Cisco invented the router, then purchased a switch company, then they pretended to know RF (Radio Frequency or wireless). Sorry, it's not on. Not even with the purchase of IronPort. Fortinet is the way to go. I am a Cisco Academy trainer and after this but the truth is one and only one.

By the way, the appliance I have also comes with 10 licenses for endpoint security clients (Forticlient). Not bad, but Symantec Endpoint Security is better, especially when it comes to layer 2.

JB
Network and Server Engineer at AMiFN
Real User
2019-12-09T21:27:27Z
Dec 9, 2019

I worked on Stormshield, I'm currently using FortiGate, so it's hard for me to compare it with Cisco. I am happy with Forti, support is good. However, they sometimes have bugs in the firmware. Forti is easy to configure, at a basic price it has a lot of options, a free VPN client, VPN SSL portal with large, and sandbox options.
