IT Central Station is now PeerSpot: Here's why

Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?

Hi community members,

I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost.

Is this the right thing to do? What would be your advice? Please elaborate.

Thank you for your help!

PeerSpot user
89 Answers

Luis Apodaca - PeerSpot reviewer
Top 5User

Chalk and cheese! 

I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.

What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?

Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.

Good luck!

DanielValente - PeerSpot reviewer


You are comparing a piece of old equipment with a true next-gen firewall. 

Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent. 

But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.

Luis Apodaca - PeerSpot reviewer
Top 5User

Hi @Isaiah Dominic,

I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:

I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it? 

If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?

Both devices are good enough.

I expect this could help you, 

Good luck!

Richard Benfatto - PeerSpot reviewerRichard Benfatto
Top 5User

@Luis Apodaca no they are not. It is chalk and cheese.

Mohamed El-Sherbini - PeerSpot reviewer
Top 5Real User

Highly recommended 

You'll find extreme differences between both, especially in cost and support. 

For any inquiries don't hesitate to send me a DM.

Nidhal Ben Jeddou - PeerSpot reviewer
Top 20Real User

I recommend Cisco Firepower NGFW

reviewer1128744 - PeerSpot reviewer
Top 20Real User

The ASA model is very important here.

Does the ASA has the NGFW features or it's the old legacy FW?

Did you do the proper sizing for the FG, to decide this is the suitable model?

What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.

Richard Benfatto - PeerSpot reviewer
Top 5User

Confusing, costs? Cost is an elastic term that with time will determine choices. 

Fortinet is KING!. 

Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place. 

The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.

All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.

Bijo Abraham - PeerSpot reviewer

Hi @Isaiah Dominic,

I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall. 

I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better. 

A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons. 

I will leave it up to you and I hope this helps.

Buyer's Guide
Cisco ASA Firewall vs. Fortinet FortiGate
May 2022
Find out what your peers are saying about Cisco ASA Firewall vs. Fortinet FortiGate and other solutions. Updated: May 2022.
599,220 professionals have used our research since 2012.