Sr. Manager - Systems & Networks at Aspire Systems
  • 7
  • 2103

What Is The Biggest Difference Between Cisco Firepower and Palo Alto?

I'm a senior manager of systems and networks at a tech services company.

We are evaluating both Cisco Firepower and Palo Alto Wildfire.

What is the main difference between the two?

Thank you for helping me. I appreciate it!

PeerSpot user
9 Answers
VP of Sales at a consultancy with 11-50 employees
Oct 19, 2019

Palo Alto was the first company to tackle perimeter protection via applications instead of port blocking their install base is massive including the Fortune 50 Cisco is a household name but when it comes to App FW's Palo is the name and they have much more time within the market place to hone their product sets because they invented this architecture. Fortinet, Cisco CheckPoint, Sophos Barracuda , Cisco etc. they are followers not leaders. I like new technology and have been doing research for many years on great products and some real dogs. Years ago there used to be a saying no one ever got fired for buying IBM

Here are a couple of winners you should look at Critical Start, Secuerlink and Okta sorry got off topic typical Sales Guy... Ha Ha. If anyone wants to take a look at any of these new platforms please let me know - Thx

Product comparison that may be of interest to you
Head of Sales with 11-50 employees
Oct 16, 2019

The biggest difference is that Cisco has many point solutions that are not fully orchestrated or can only forward certain data. Palo Alto Networks (No. 1 winner of Forrester Report Q04/18 for Eco Systems Provider) is different.

What is a Palo Alto ecosystem:
There are certainly more than enough top UEBA solutions for endpoint detection, response and network traffic analysis - EDR and NTA - but most force your analysts to manually merge information, slowing investigation and increasing complexity. The Palo Alto Networks ecosystem Cortex XDR™,
on the other hand, features a cloud-based detection and response app and blindly removes spots by merging network, endpoint and cloud data. The automatic exchange of security-relevant information between and within the integrated solutions is crucial, as is the automated resolution of incidents to relieve the SoC team.

Founder and President at scc
Oct 16, 2019

You have Cisco Firepower integrated into the same web-based access GUI than all other Cisco products into one page. And Cisco is a well-known brand with excellent after-sales services worldwide.

About Palo Alto, it seems like a good product also but it does not connect to the same web-based access GUI for Cisco products. And maybe the after-sales services might not be worldwide or not as fast as Cisco.

Girish Vyas - PeerSpot reviewer
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Real User
Top 20
Nov 30, 2019

Hello there. That is a valid question many would have when they evaluate a product. However comparison of Wildfire and Cisco NGFW would not be correct. It should be compared with what is known as Threatgrid from Cisco which does the same function of sand boxing as that of Palo Alto Wildfire. When you compare both they have their own intelligence unit, Cisco has Talos while Palo Alto has Unit 42 and both will give you a decent protection from zero day. However the product can be differentiated only on the support as both are big names and will deliver the best for their customer. However Cisco support for product is better. That’s where the difference is. Palo Alto being pure focused on security, does determine to application level while Cisco being a networking. Company has an integrated strategy. So overall both product are good. Just that level of support is something someone should definitely evaluate before getting their hands in it. Just my 2 cents.

Enterprise Network Engineer with 501-1,000 employees
Oct 17, 2019

I didn’t work with Cisco Firepower that much but the main difference is that Cisco Firepower is a combined source fire and firewall and they have different mechanisms than Palo Alto Wildfire. It has multiple virtual machines running the malware and gives you the results. If there is no signature it will generate one and upload it to the cloud.

it_user1000680 - PeerSpot reviewer
Finance And IT at Galfar Aspire Readymix LLC
Real User
Oct 17, 2019

Network Speed is stable in Cisco and security is better in Cisco.

I strongly recommended you proceed with Cisco.

Emad Ul Haq - PeerSpot reviewer
Network & Telco Lead at Mercury
Real User
Oct 16, 2019

1. The underlying difference is the threat engine both feed from, both are equally good as none of them comes from a small company.
2. Cisco has an edge on a few things such as it has a bigger fleet to natively collect threats, such as switching, routing, wireless, firewalls and so on. Palo Alto, on the other hand, doesn’t have that, however, these days all major security providers integrate their threat feeds.
3. Some basic comparisons of the platforms are below.
* Firepower is an awesome NGFW addition to the Cisco fleet, however, it has gone through a lot of integrations with and without ASA which has resulted in inconsistency, both in terms of its management and capabilities.
* PaloAlto, on the other hand, is another awesome NGFW which provides you not only brilliant security but also ease of management, it has been like this for a while and the platform is consistent and mature.
* Firepower natively lacked routing capabilities out of the box, unsure what is the latest however PaloAlto comes with feature-rich routing capabilities such as BGP, Route-based VPN etc.
* I have found Panorama to be far more simplistic than ASDM. The firepower FMC provides a good intuitive dashboard but I still prefer Panorama for its single pane of glass.
* Logging in PaloAltos/Panorama is simple as compared to typical ASDM logs, FMC has decent logging.
* You may find Palos to be expensive, I am not updated with the new pricing model of both but that is how it was for some time.

VP of Sales at a consultancy with 11-50 employees
Oct 16, 2019

Compare Cisco Firepower NGFW vs. Palo Alto Networks WildFire

Cisco Firepower NGFW is ranked 9th in Firewalls with 19 reviews while Palo Alto Networks WildFire is ranked 1st in Advanced Threat Protection with 9 reviews. Cisco Firepower NGFW is rated 7.8, while Palo Alto Networks WildFire is rated 8.8. The top reviewer of Cisco Firepower NGFW writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Traffic is scanned in a single flow which improves the response times for the user". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas Palo Alto Networks WildFire is most compared with Fortinet FortiGate, Cisco Firepower NGFW and Cisco ASA NGFW.

Cisco & Meraki Practice VSC Solutions Architect Core Team Lead at Presidio Networked Solutions
Oct 16, 2019

The below link reveals the most significant areas (customer experience, integration, deployment, and configuration, service & support. Hopefully this helps.


Related Questions
Jitender Joshi - PeerSpot reviewer
AVP : Technology Solutions Group at Pramerica
Jan 20, 2023
Hi peers,  I am an AVP at a large insurance company. I am currently researching firewalls. What are the benefits of Fortinet FortiGate 400E versus Cisco ASA 5525? Which product do you prefer and why? Thank you for your help.
See 1 answer
Technology Services Director at a tech services company with 11-50 employees
Jan 20, 2023
Purely from datasheet numbers, the Fortinet 400E unit has much higher performance in most dimensions than the 5525-X appliance, but you'd need to have some specific use cases and metrics in mind to know if that applies to you. If the key metric is a bang for the buck, Fortinet usually wins until vendors start applying extra discounts to level the playing field. Also, the 400E has been superseded by the 400F, using newer ASIC to effectively double most performance metrics, I suggest you have a look at the data sheets for that versus the current Cisco unit. As an engineer, I find the Fortinet units much more interoperable, whereas Cisco tends to encourage the adoption of their Cisco-proprietary solutions, as part of a single-vendor fabric. Also, for more junior admins, Cisco is a CLI-first solution and always has been, with ASDM feeling bolted on afterward, whereas Fortinet has a pretty good GUI in recent years, and only requires CLI for more esoteric features. The Cisco solution is always going to be a better fit if you want to know which solution your Cisco-trained engineers and admins need to best complement your Cisco routers, Cisco switches, Cisco WLC, and Cisco ISE. If you want throughput or port count for segregation, or a security-focused vendor with a more open feature set, Fortinet might be a better choice in my opinion.
Steve Chiyenda - PeerSpot reviewer
IT Supervisor at Blantyre Netting Company Limited
May 20, 2022
Hi peers, A week ago I lost my data through the malware from which I failed to recover as the file got corrupted.  Now, I want to work with a firewall and so am looking for suggestions on whether I should purchase Cisco Firepower or Sophos XG. Which one is a good match for an SMB? What would you recommend?
2 out of 3 answers
Bennett Gomonda - PeerSpot reviewer
Pre-Sales Support Engineer at Skyband Corporation
May 18, 2022
I prefer Sophos. I find it easy to use and it has better features on malware and threat management.
Carlos Roberto Da Silva - PeerSpot reviewer
Pre-Sales Director at 4 IT Solution
May 19, 2022
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.  Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.