What are the main differences between Palo Alto and Cisco firewalls ?
I'm researching firewall options. What are the differences between Palo Alto and Cisco Firewalls solutions in terms of advantages, disadvantages, usage and practices?
Pick a product model for both vendors: Cisco & Palo Alto (refer to technical data sheets and whitepapers --) See the key differences on your target or specific needs).
Practical evaluation by a person who has both products under the belt and can share their experiences...
There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment.
On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.
Well they are two leaders, one from US, another from Israel.
Checkpoint is the first well known firm to launch firewalls.
Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting.
Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering.
The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.
Palo Alto is the market leader and a company with a very holistic approach to security. Firewalls are its mainstream business, whereas Cisco basically known as a networking company is trying to be one of the major players in providing security solutions. Things like advantages, disadvantages, usage and practices is a very vast topic. Generally companies already having Cisco infrastructure tend to choose Cisco firewalls from the integration point of view. Palo Alto firewalls could be more expensive.
Hi peers,
I am an AVP at a large insurance company.
I am currently researching firewalls. What are the benefits of Fortinet FortiGate 400E versus Cisco ASA 5525? Which product do you prefer and why?
Thank you for your help.
Technology Services Director at a tech services company with 11-50 employees
Jan 20, 2023
Purely from datasheet numbers, the Fortinet 400E unit has much higher performance in most dimensions than the 5525-X appliance, but you'd need to have some specific use cases and metrics in mind to know if that applies to you. If the key metric is a bang for the buck, Fortinet usually wins until vendors start applying extra discounts to level the playing field.
Also, the 400E has been superseded by the 400F, using newer ASIC to effectively double most performance metrics, I suggest you have a look at the data sheets for that versus the current Cisco unit.
As an engineer, I find the Fortinet units much more interoperable, whereas Cisco tends to encourage the adoption of their Cisco-proprietary solutions, as part of a single-vendor fabric. Also, for more junior admins, Cisco is a CLI-first solution and always has been, with ASDM feeling bolted on afterward, whereas Fortinet has a pretty good GUI in recent years, and only requires CLI for more esoteric features.
The Cisco solution is always going to be a better fit if you want to know which solution your Cisco-trained engineers and admins need to best complement your Cisco routers, Cisco switches, Cisco WLC, and Cisco ISE. If you want throughput or port count for segregation, or a security-focused vendor with a more open feature set, Fortinet might be a better choice in my opinion.
Hello peers,
I am an Engineer at a small tech services company.
I am currently researching firewalls and would like to know what are the differences between Palo Alto Networks' PA-820 and PA-850.
Thank you for your help.
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote!
If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too!
...
Hi dear community members,
In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own!
Trending
These are the topics your peers are talking about on PeerSpot this week
How do I estimate the requir...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers!
Also, special thanks to the articles' contributors included in this Community Spotlight:
@Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Dear PeerSpot community members,
This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.
Check them out!
Trending
See what your peers are discussing at the moment!
What were your main pain points during the SIEM product purchase process?
What...
Hi peers,
This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.
Articles
Check the top products and solutions below (selected based on peer reviews) or contribute your own article!
Top Security Orchestration Automation and Response (SOAR) Solutions
Top 8 Data Loss Prevention (DL...
Hi community members,
As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers.
Trending
See what is trending at the moment and chime in to discuss!
Top 8 Extended Detection and Response (XDR) Tools 2022
Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
What is the...
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Download our FREE report comparing Cisco Secure Firewall and Palo Alto Networks NG Firewalls based on reviews, features, and more! Updated: January 2023.
Pick a product model for both vendors: Cisco & Palo Alto (refer to technical data sheets and whitepapers --) See the key differences on your target or specific needs).
Practical evaluation by a person who has both products under the belt and can share their experiences...
Anyone inputs, please?
There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment.
On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.
Well they are two leaders, one from US, another from Israel.
Checkpoint is the first well known firm to launch firewalls.
Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting.
Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering.
The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.
Ease of Use
- GUI familiarities and adoption level can differ from user to user.
- Personally I found CISCO ASA interface is hard to comprehend compare to Palo Alto
- Command line interface is good, only challenge is past experience and correctness of commands to get error free results!
Performance of the Appliance
- Palo Alto VS CISCO - Palo Alto is better performing appliance.
Palo Alto is the market leader and a company with a very holistic approach to security. Firewalls are its mainstream business, whereas Cisco basically known as a networking company is trying to be one of the major players in providing security solutions. Things like advantages, disadvantages, usage and practices is a very vast topic. Generally companies already having Cisco infrastructure tend to choose Cisco firewalls from the integration point of view. Palo Alto firewalls could be more expensive.
Palo Alto has more visibilities and control instead of Cisco Firewall.