You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-05-11T12:43:17Z
May 11, 2022
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
I have a few questions: Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
Top 20
2022-05-11T10:02:24Z
May 11, 2022
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
Hello peers,
I work at a small tech company and am researching firewalls.
Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions?
Thank you for your help.
Technical Specialist - Head of Presales at Artha Mitra Interdata
Jan 27, 2023
Hi Fahrorozi,If I have to choose between these two, I will choose FG 1800.
Reasons:1. More flexible ports to use from 1G to 40G2. Includes SSL VPN / client VPN for users3. Has better web management than SRX4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).But you need to know what you need for your company.- Maybe you only need a 10G interface instead of a 1G- Maybe you don't need the SSL VPN / Client VPN- You also don't need a large throughput.Hope this helps.
Hello community,
I am an Advisory Engineer at a large comms services company.
I am currently researching Fortinet's firewall solutions. Which Fortinet firewall model is the equivalent of Sophos XG 450?
Thank you for your help.
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones the Sophos XV 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523. What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F, has 9 Gbps of threat protection throughput.
Hi,
You are comparing a piece of old equipment with a true next-gen firewall.
Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.
But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Chalk and cheese!
I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.
What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?
Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.
Good luck!
Hi @Isaiah Dominic,
I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:
I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?
If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?
Both devices are good enough.
I expect this could help you,
Good luck!
@Luis Apodaca no they are not. It is chalk and cheese.
Highly recommended
You'll find extreme differences between both, especially in cost and support.
For any inquiries don't hesitate to send me a DM.
I recommend Cisco Firepower NGFW
The ASA model is very important here.
Does the ASA has the NGFW features or it's the old legacy FW?
Did you do the proper sizing for the FG, to decide this is the suitable model?
What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.
Confusing, costs? Cost is an elastic term that with time will determine choices.
Fortinet is KING!.
Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place.
The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.
All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.
Hi @Isaiah Dominic,
I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall.
I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better.
A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons.
I will leave it up to you and I hope this helps.