it_user1241577 - PeerSpot reviewer
User at a tech company with 11-50 employees

What are the biggest differences between Cisco Firepower NGFW and Fortinet FortiGate?

I work for an IT company that provides the latest End-to-End ICT integrated solutions. We are currently evaluating Cisco Firepower NGFW and Fortinet FortiGate. 

What would you say are the biggest differences between the two? Which would you recommend? 

Thanks for your help! I appreciate it. 

11 Answers
Networking Security Expert at SR Technologies
Top 5
Mar 31, 2022

If you need a performance appliance, Cisco is not the one. Once you start adding policies, IPS and others, it chokes. 

Fortinet has custom semiconductors that can handle hardware with a tremendous amount of efficiency compared to anyone else. 

I am a Cisco Academy trainer and unfortunately, I would use Fortinet any time. I even have one at home. Cisco is well known for routers and I cannot fault that, but that is the extent I would comment.

Real User
Mar 29, 2022

We are partners of both products and we understand that the decision goes on the side of the security strategy that they want to follow, because if the driver is simplicity and also a comprehensive solution, Fortinet is by far what you should take. Now, if we lower the price strategy, Fortinet is also cost efficient, but if your strategy only focuses on securing a perimeter which is going to stay in that condition for a very long time without being integrated into another Cisco solution, it is still a valid option.

Senior Vice President at a transportation company with 51-200 employees
Real User
Dec 11, 2019

Firepower requires significant systems to sit adjacent to an ASA to support IPS and other aspects of the solution. FortiGate does not require a significant investment in systems and offers a number of cloud-based options to move to a near turn-key solution. In addition, VPN implementation and other tools and instrumentation fit well within a comprehensive compliance solution including various scanners.

In my opinion, the entry price point for the two solutions and the ongoing manageability of the platform tip the scale heavily in Fortinet’s corner. I tend to prefer systems that appear in Gartner’s upper right quadrant and in my opinion, Cisco has to play significant “catch up”; they have significantly improved in the last 24 months but they are still behind.

Account Director at a tech services company with 51-200 employees
Dec 9, 2019

We are partners for both products and as a security practice, we recommend Fortinet over Cisco for security. Fortinet offers improved security efficacy, performance, and cost. Cisco has dropped off badly in analysts' reports recently and we hardly see them in serious security conversations on this side of the world.

CTO at Secure Networkers
Real User
Dec 9, 2019

The FortiGate is a good firewall for the price. Out of the box, it runs great. As time progresses, nine months/one year into the updates, it isn't running as well. I think overall it is still okay for the most part. Price is big for many customers and the FortiGate is a good value. The Cisco FTD or ASA w/Firepower is also a good firewall. The FTD has quite a bit of compute and resources. The Snort engine does a good job of identifying traffic and flagging traffic that needs more analysis. The ASA functions run as virtual on the ASA as Lina. So all your Site-to-Site VPN and AnyConnect work from this side of the firewall. The ASA with Firepower is almost a legacy firewall that isn't as fast as the FTD but it still gets the job done. Unless you need the legacy connections I would go the FTD route. The ASA architecture of hardware is going the route of the FTD. Once the AnyConnect was added to FTD it is the way to go. The real value comes in the integration with all the other Cisco products. Umbrella, AMP4Endpoint, ISE, Stealthwatch, and Cloudlock all integrate directly with the Cisco Firepower NGFW to give you visibility with Cisco Threat Response. Honestly, with the right API, you can get the same integration with the FortiGate. I would say that with the right ordering schedule you can get a bundled package that is pretty price competitive.

Another consideration is what are you replacing when you are putting this firewall in? Make sure that you are getting the right throughput solution that can handle the traffic. Cisco CDO makes migration fairly easy if you are migrating old ASAs. If you are replacing a FortiGate it might be best to stay in that direction.

If you are going to be managing all of these firewalls and keeping them updated I would not hesitate to go the Cisco FTD route. Using Cisco Threat Response operationalizes security management.

Junedh Rehman - PeerSpot reviewer
IT Support Engineer at odak bilisim
Real User
Dec 10, 2019

FortiGate interface and features are easier to set up and manage

MelvynLee - PeerSpot reviewer
Real User
Dec 10, 2019

Regretfully, I have no in-hand experience on either specific firewall.

I can only comment that Fortinet remains one of the forebears in Firewall technology and Cisco Meraki has the corporate backup of Cisco.

We have a Meraki MX series Firewall and, to date, it has covered our needs comprehensively. It does tend to lend itself more towards full integration of Meraki devices throughout the network, e.g. Peer to Peer VPNs, but hybrid networks still function well, albeit a little more complicated to set up.

Either supplier will not let your client down as both are reliable vendors. I would advise your client to list the important elements of NGFW for their network and compare these. If these comparisons are balanced, and I suspect that support is equivalent from both vendors then it's down to cost.

Senior Network Engineer at a tech services company with 5,001-10,000 employees
Real User
Dec 10, 2019

I was in exactly your shoes a few months back. We made the decision to go with FortiGate for a few reasons:

1. The price was a no brainer. Cisco NGFW is also (in my opinion) miles behind what some of the firewalls can do nowadays.

2. The throughput of the firewall: I chose to go with the 501-E model of the FortiGates. It has 2x 10G interfaces and a total throughput of about 30Gbps I think (don’t quote me on this).

3. Ease of configuration: The FortiGates are one of the easiest firewalls to configure. They do have their own bugs but if you find a stable release, you’d be very satisfied with these firewalls.

I would still prefer a Palo Alto over a Fortinet firewall but they will come at a huge price tag!

Manager IP Network Security Planning at a comms service provider with 10,001+ employees
Real User
Dec 10, 2019

The biggest difference is the ease of use and deployment.

Fortinet has a simple user interface and they seem to have a better UI/UX design than Cisco.

While Cisco is also a market leader and good with firewalling technologies, the ease of use is not there. This is coming from someone that started learning with Cisco products.

Networking Security Expert at SR Technologies
Top 5
Mar 31, 2022

@reviewer1171122 I am a Cisco Academy Trainer. I would not use ASA and Java, simple as that. Fortinet's most important feature, as with many others, lies in that it is the only thing in the market that has ASIC chips (semiconductors) that can handle traffic and inspection. It does not rely on its CPU so it does not choke when lots of policies are being added. I have an FGT40 at home and the CPU is idling at 1 per cent. I do have VoIP IP PBX and mail servers and attacks galore, and it still holds. I had an ASA 5506 and got rid of it in 2 weeks. Had enough.

Networking Security Expert at SR Technologies
Top 5
Dec 10, 2019

I am not going to mention the price because, at the end of the day, the price of something cheap turns very expensive.

I had a Cisco ASA and got fed up. That Java interface, that extra module for IPS, it was a total headache.

Fortinet has spent serious money on ASIC (Application Specific Integrated Circuit) chips so the hardware can take care and leave the CPU at low revs. The interface is great and that Java disaster goes, but regardless of that, the efficiency and real protection, well, see NSS Labs reports, nothing more to say.

Cisco invented the router, then purchased a switch company, then they pretended to know RF (Radio Frequency or wireless). Sorry, it's not on. Not even with the purchase of IronPort. Fortinet is the way to go. I am a Cisco Academy trainer and after this but the truth is one and only one.

By the way, the appliance I have also comes with 10 licenses for endpoint security clients (Forticlient). Not bad, but Symantec Endpoint Security is better, especially when it comes to layer 2.

Network and Server Engineer at AMiFN
Real User
Dec 9, 2019

I worked on Stormshield, I'm currently using FortiGate, so it's hard for me to compare it with Cisco. I am happy with Forti, support is good. However, they sometimes have bugs in the firmware. Forti is easy to configure, at a basic price it has a lot of options, a free VPN client, VPN SSL portal with large, and sandbox options.

Related Questions
User at PT. Manunggal Integrasi Sejahtera
Jan 27, 2023
Hello peers, I work at a small tech company and am researching firewalls. Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions? Thank you for your help.
Technical Specialist - Head of Presales at Artha Mitra Interdata
Jan 27, 2023
Hi Fahrorozi,

If I have to choose between these two, I will choose FG 1800.

Reasons:

1. More flexible ports to use, from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better Web management than SRX.
4. From the datasheet, some of the throughput is also larger (IPv4 FW throughput, Max Session, Max Policies, etc.)

But you need to know what you need for your company.

- Maybe you only need 10G interface instead of 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.

Hope this helps.
Guillermo Read - PeerSpot reviewer
Advisory Engineer - Telecommunications Solution Design at Claro RD
Jan 20, 2023
Hello community, I am an Advisory Engineer at a large comms services company. I am currently researching Fortinet's firewall solutions. Which Fortinet firewall model is the equivalent of Sophos XG 450? Thank you for your help.
Director at REDCO
Jan 20, 2023
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.
William Yragui - PeerSpot reviewer
President at infobond
Jan 20, 2023
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones, the Sophos XG 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523. What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F has 9 Gbps of threat protection throughput.