Coming October 25: PeerSpot Awards will be announced! Learn more
2022-05-06T05:55:00Z
ID
User at Zm3
  • 7
  • 181

Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?

Hi community members,

I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost.

Is this the right thing to do? What would be your advice? Please elaborate.

Thank you for your help!

8
PeerSpot user
8 Answers
DanielValente - PeerSpot reviewer
Head of Platforms and Infrastructure at LOQR
User
2022-05-09T21:41:50Z
09 May 22

Hi, 


You are comparing a piece of old equipment with a true next-gen firewall. 


Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent. 


But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-05-11T12:43:17Z
11 May 22

Chalk and cheese! 


I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.


What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?


Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.


Good luck!

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-05-09T14:50:19Z
09 May 22

Hi @Isaiah Dominic,



I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:

I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it? 


If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?

Both devices are good enough.

I expect this could help you, 


Good luck!

Richard Benfatto - PeerSpot reviewer
Networking Security Expert at SR Technologies
User
Top 5
11 May 22

@Luis Apodaca no they are not. It is chalk and cheese.

PeerSpot user
Mohamed El-Sherbini - PeerSpot reviewer
IT Manager at Mada Insurance
Real User
Top 5
2022-05-15T06:40:47Z
15 May 22

Highly recommended 


You'll find extreme differences between both, especially in cost and support. 


For any inquiries don't hesitate to send me a DM.

Nidhal Ben Jeddou - PeerSpot reviewer
Information Technology Support Manager at a financial services firm with 51-200 employees
Real User
Top 10
2022-05-11T13:32:34Z
11 May 22

I recommend Cisco Firepower NGFW

RS
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
Top 20
2022-05-11T10:02:24Z
11 May 22

The ASA model is very important here.


Does the ASA has the NGFW features or it's the old legacy FW?


Did you do the proper sizing for the FG, to decide this is the suitable model?


What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.

Find out what your peers are saying about Cisco ASA Firewall vs. Fortinet FortiGate and other solutions. Updated: August 2022.
635,162 professionals have used our research since 2012.
Richard Benfatto - PeerSpot reviewer
Networking Security Expert at SR Technologies
User
Top 5
2022-05-11T00:21:21Z
11 May 22

Confusing, costs? Cost is an elastic term that with time will determine choices. 


Fortinet is KING!. 


Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place. 


The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.


All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.

Bijo Abraham - PeerSpot reviewer
Technical Consultant | Network and Security at Interconnect Consulting Limited
User
2022-05-09T23:48:46Z
09 May 22

Hi @Isaiah Dominic,


I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall. 


I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better. 


A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons. 


I will leave it up to you and I hope this helps.

Related Questions
MF
User at samehgroup
Jun 06, 2022
Hi security and IT pros, Which firewall product would you choose for your company: FortiGate 200F or Sophos XG 310? Why this would be your choice? Thanks in advance. 
See 2 answers
MV
Consultant with 11-50 employees
25 May 22
FortiGate. Fortinet is in Gartner Leader Magic Quadrant (MQ).  Sophos is in Niche Player Quadrant if I remember right.  You can never go wrong picking a vendor in the Gartner Leader MQ. Show the Gartner MQ to your leadership to get them on board too.
fdiazm - PeerSpot reviewer
Product Manager at Entel Chile
06 June 22
Hi,  If I look at it only from the point of view of analytics and performance, I lean towards Fortinet, but if I look at it at the service level and with the possibility of being part of an even larger project, this is when I don't see competitors for Fortinet and I mean the component. of after-sales services, the local presence in my country has come from less to more, which makes the difference when choosing a partner to work with.
AP
User at JAS
Jan 26, 2022
Hi colleagues, Can anyone explain the main differences in features between Sophos XG and FortiGate 80F?  Thanks and I appreciate your help!
2 out of 6 answers
Arun-M - PeerSpot reviewer
Network Engineer at Fortune Techserve
24 January 22
Hi Techies, Sophos features: -Address object can be created as a list. -Endpoint security - added security. -Reports can be exported from NGFW. -ACL can be made as a group. -IPSec VPN templates can be created and to be applied to a policy. FortiGate features: -VDOM can be created from the firewall. -Fortitoken two free for MFA. -SSL VPN MFA can apply through mail. -KB article is very useful to troubleshoot any kind of issue.
PeerSpot user
Network Engineer at Datafox OÜ
24 January 22
Hi, Sophos XG series has been replaced with new XGS series using Xstream Flow Processors. This has doubled the performance compared to previous XG models. With Sophos XGS firewall they also give cloud-based Sophos Central service free to use for managing firewalls. Central-based firewall reports are limited to 30 days with a free account.Sophos models XG 85/86/87 and XGS 87 do not support reporting. Comparing models of different vendors based on specifications may not give the most optimal result.The model should be chosen based on real usage data and what functionalities will be used since they have an impact on firewall performance: * WAN speed * LAN speed * User count and traffic per user * Servers and do you need Web server protection? * VPN client count and traffic per user (gateway mode or split tunnel) * IDS/IPS needed? * Application Firewall needed? * E-mail protection needed? * Endpoint client used? Endpoint synchronization with firewall? * etc. There is also a possibility to add a firewall in transparent mode to the existing network, let it collect traffic data and choose the model on actual traffic and performance data. There is also an alternative to buying out firewall appliance - MSP (Managed Service Provider) monthly based solution. A service provider or a vendor owns the hardware and rents it out as a monthly service. This adds flexibility for the client since the firewall and license can be replaced as needed. This may happen if the user count increases faster than expected. It may also have a good ecological impact if the hardware is reused.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
17 August 22
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 05, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
30 May 22
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
11 July 22
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Cisco ASA Firewall Report and get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
DOWNLOAD NOW
635,162 professionals have used our research since 2012.