Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot

What Is The Biggest Difference Between Cisco ASA And Fortinet FortiGate?

One of the most popular comparisons on IT Central Station is Cisco ASA vs Fortinet FortiGate.

People like you are trying to decide which one is best for their company. Can you help them out?

What is the biggest difference between Cisco ASA and Fortinet FortiGate? Which of these two solutions would you recommend to a colleague evaluating Firewall solutions and why?

Thanks for helping your peers make the best decision!

18 Answers
Alberto E. Luna Rodriguez - PeerSpot reviewer
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
Dec 18, 2018

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise: if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability are OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (especially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort to deploy and maintain. They are more expensive and offer fewer features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go. Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving in that regard, but still lag behind other vendors with UTM devices.

User at cdw
Dec 17, 2018

Cisco has been playing catch-up for years with regard to firewalls; they still don't have it. Personal preference is PA; however, I would also recommend Fortinet hands down over the Cisco ASA if my job depended on it.

Director Of Technology Services with 201-500 employees
Jun 24, 2019

Cisco ASA is an excellent product if you don't need UTM capabilities and will be leveraging other security solutions to complete your security architecture. We recently replaced our ASA with Fortinet as the latter provided a UTM device that was more in line with our strategy to simplify our architecture and operations. The Fortinet VDOM approach is miles ahead of Cisco, providing flexibility in how we deploy our security appliance which would be much more difficult with the ASA. Even though we are a Cisco shop, the FortiGate has proven to be easier to manage and gets the job done, no issues after almost 1 year of operation. Other benefits include the lower cost, less complexity in licensing and the FortiOS Security Fabric which can extend seamlessly to incorporate switches and APs, allowing you to easily build out your security infrastructure and manage it all through a single pane of glass with FortiAnalyzer and FortiManager integrated into the box. What more can you ask for?

Network Engineer with 201-500 employees
Real User
Dec 19, 2018

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (Cisco's next-gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support, which of course comes with a huge cost of SmartNet support cost.
4. The downside of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we bought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

Vice President and Head - IT Telecom, Software License Management and Collaboration at Mphasis
Dec 18, 2018

In a comparison between Cisco ASA and Fortinet, I would always recommend Fortinet as being ahead of Cisco. Having deployed both firewalls in our managed environment, I have had a better experience with Fortinet:
1. FortiGate hardware is seen to provide better performance compared with Cisco, and hardware issues are almost nil. Failover between devices is seamless compared with Cisco ASA.
2. The port density and type (copper/fiber) that comes with any FortiGate hardware at its throughput comparison level is high, and you will have the privilege of deploying the firewall in your customized scenarios, which further gives a cost advantage.
3. The VDOM management concept is one of the differentiating factors, where manageability and sharing a firewall in multi-environment projects saves cost.
4. FortiManager and FortiAnalyzer are best for managing multiple firewalls in a single pane.
5. Both firewalls support most NGFW features, but I feel FortiGate is superior with respect to management of policies: IP-based, user-based, DNS-based and application-based.
6. Support-wise, FortiGate is seen as ahead of Cisco TAC.
7. Mainly, you will see no or fewer IOS bugs and vulnerabilities in FortiGate, whereas with Cisco you have to constantly keep upgrading with frequent IOS releases.
8. You will see more API integration options with FortiGate than with ASA to customize and automate some of the operational cases.

COO/CTO at a pharma/biotech company with 11-50 employees
Real User
Dec 17, 2018

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using FortiGate APs were under 20 devices. We were below 100 MHz, and this was confirmed with my 3rd party, with whom I had a 5-day-a-week, 8-hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

Senior Network Engineer with 1,001-5,000 employees
Dec 17, 2018

In order to answer that question, a few things need to be understood about the current environment.

For small to medium businesses where funding is a concern, the Fortinets are a very good long-term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinets are easier to deploy and their security approach is top end.

ASAs are a bit more difficult and, with the FirePower, are known to be an issue when deploying and pushing out policies.

I'd be more inclined to go with the Fortinets than ASAs if staff and resources are limited.

GoumouFerdinand - PeerSpot reviewer
Security Engineer at Socitech SA
Real User
Dec 20, 2018

Hello, I recommend Cisco ASA; it is very consistent, powerful and flexible, with interoperability, which is the main goal of Cisco products. I always recommend ASA to my clients if they need a firewall only.
FortiGate is a good product, easy to implement and manage, and it is also less expensive compared to ASA. Most of the time I recommend Fortinet to a client who has a limited budget for security, so by choosing FortiGate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made based on the device, but based on the customer's infrastructure, budget and the technical resources they have to manage the devices.


CIO with 10,001+ employees
Dec 18, 2018

The biggest difference from my investigation is the drill-down detail available with the Fortinet. If it were up to me, I would have gone with the Fortinet, but administration couldn't justify the additional cost differential.

Dec 17, 2018

As a UTM, Forti is the best choice, but if you want to add IPS and IDS functions it's better to use Cisco FIREPOWER. In our case we are using the two solutions. That keeps each one's performance.

Senior Software Engineer with 501-1,000 employees
Feb 18, 2020

Cisco FW for peace of mind

it_user1146165 - PeerSpot reviewer
Cibersecurity Pre-Sales at Ingram Micro Inc.
Real User
Jul 30, 2019

Between the two options I recommend FortiGate over Cisco ASA for the following reasons. If you require IPS functionality on the Cisco ASA, it is provided through the Firepower module (formerly Sourcefire), which Cisco was never able to integrate natively with the ASA, and so they work independently, such that a different management tool is required to configure them. Because they are independent modules, packet inspection is performed serially by each of the enabled security functions. This type of hardware architecture leads to enormous performance degradation as more functions are enabled. For this reason Cisco is deprecating the Cisco ASA and replacing it with the Cisco Firepower platform that it acquired and that ultimately won the battle.

Network Specialist with 51-200 employees
Dec 20, 2018

Unfortunately I have no real production experience with FG (just a little, limited, in the lab) so I cannot pronounce a relevant court. Based on this, I think FG has the advantage in the accelerated hardware while ASA has a wider range of features and greater possibilities for fine tuning, and of course there is still unbeatable support. With ASA, I have production experience with models up to 5525X and testing in the lab with the 5585X-SSP 60, and my experiences are very positive. Of course, depending on the requirements in each particular situation, one or another device can be a better choice. Perhaps the users who do not get into the command line will prefer FG because of the unattractive Cisco GUI, but for users like me who "grew up" on the CLI it will not be important for the decision.

Assistant Manager (Infrastructure) with 51-200 employees
Dec 18, 2018

If you are a Cisco house, go for Cisco ASA, but I would prefer the Cisco Firepower series. Managing an ASA+FIREPOWER series is really time consuming.
(From the above you can see it is just a firewall, but Cisco has different naming + license + usage + OS. A newbie to Cisco firewall products will get frustrated; even some "senior" engineers do not know how to work with the Cisco firewall products.)

Personally I would prefer FortiGate if just comparing between Cisco and Fortinet.

If you are comparing PA, Checkpoint, Fortinet and Cisco, PA will be the top selection.
There is a lot of discussion about the firewall brands out there.
Eventually, all is controlled by the company budget. If you have unlimited budget, I can get all the brands for different purposes and meet all the security compliance.

Dec 17, 2018

Considering and recommending any equipment relies on demands, then environment, then possible sources.

In my case there were not so many and not so heavy demands.

I would like to find a simple solution in terms of maintenance and licensing for an environment with a lack of human resources in a small office.

Based, more or less, on the previous, my choice would be FortiGate.

Correct me if I'm wrong, but I feel that user should spend more effort and money on Cisco.

However, name of the game should not be: Producer vs Producer, but "You have to have it", just use any available.

This is only end user opinion.

Managing Director with 1-10 employees
Dec 17, 2018

Only CISCO ASA and ASAv benefits from integration with highest grade Multi-factor Authentication product, CASQUE SNR. For Whitepapers see https://www.linkedin.com/in/basilphilipsz/detail/recent-activity/posts/

Fadil Kadrat - PeerSpot reviewer
Network Engineer at Banque des Mascareignes
Real User
Dec 17, 2018

I'll recommend Fortinet.

AdnanKhan - PeerSpot reviewer
Senior System Administrator at a tech services company with 11-50 employees
Real User
Dec 17, 2018

I'll recommend Fortinet.

Related Questions
User at PT. Manunggal Integrasi Sejahtera
Jan 27, 2023
Hello peers,  I work at a small tech company and am researching firewalls. Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions? Thank you for your help.
See 1 answer
Technical Specialist - Head of Presales at Artha Mitra Interdata
Jan 27, 2023
Hi Fahrorozi,

If I have to choose between these two, I will choose FG 1800.

Reasons:
1. More flexible ports to use from 1G to 40G
2. Include SSL VPN / client VPN for users
3. Have better Web management than SRX.
4. From datasheet some of the throughput also larger (IPv4 FW throughput, Max Session, Max Policies, etc)

But you need to know what you need for your company.
- Maybe you only need 10G interface instead of 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.

Hope this helps.
Guillermo Read - PeerSpot reviewer
Advisory Engineer - Telecommunications Solution Design at Claro RD
Jan 20, 2023
Hello community, I am an Advisory Engineer at a large comms services company. I am currently researching Fortinet's firewall solutions. Which Fortinet firewall model is the equivalent of Sophos XG 450? Thank you for your help.
2 out of 3 answers
Director at REDCO
Jan 20, 2023
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.
William Yragui - PeerSpot reviewer
President at infobond
Jan 20, 2023
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones the Sophos XV 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523.  What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F,  has 9 Gbps of threat protection throughput.