2022-05-06T05:55:00Z
ID
User at Zm3
  • 7
  • 309

Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?

Hi community members,

I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost.

Is this the right thing to do? What would be your advice? Please elaborate.

Thank you for your help!

8
PeerSpot user
8 Answers
DanielValente - PeerSpot reviewer
Head of Platforms and Infrastructure at LOQR
User
2022-05-09T21:41:50Z
May 9, 2022

Hi, 


You are comparing a piece of old equipment with a true next-gen firewall. 


Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent. 


But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.

Product comparison that may be of interest to you
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-05-11T12:43:17Z
May 11, 2022

Chalk and cheese! 


I'd never said they were exactly the same. I just said they are good enough to do the job. Of course, the newer device is better in quantity of functions and options (no matter the brand) but again if the first device is working, why change it. What is the real need to make such a big change without a real need to do it? It's not affordable for most organizations.


What is your goal,@Isaiah Dominic? Please tell us what functions you need from FortiGate which are not there, in Cisco ASA?


Again, how are you gonna reduce the cost of buyying somethig to replace some gear you already have doing the job, @Isaiah Dominic? What are your use cases? I'm not supporting the Cisco brand (trust me I dont like it, ) but maybe ii's because my English isn't that good but I dont get it.


Good luck!

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-05-09T14:50:19Z
May 9, 2022

Hi @Isaiah Dominic,



I have a few questions:
Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:

I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it? 


If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?

Both devices are good enough.

I expect this could help you, 


Good luck!

RB
Networking Security Expert at SR Technologies
User
Top 5
May 11, 2022

@Luis Apodaca no they are not. It is chalk and cheese.

PeerSpot user
Mohamed El-Sherbini - PeerSpot reviewer
IT Manager at Mada Insurance
Real User
Top 5
2022-05-15T06:40:47Z
May 15, 2022

Highly recommended 


You'll find extreme differences between both, especially in cost and support. 


For any inquiries don't hesitate to send me a DM.

NB
Information Technology Support Manager at a financial services firm with 51-200 employees
Real User
Top 20
2022-05-11T13:32:34Z
May 11, 2022

I recommend Cisco Firepower NGFW

RS
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
Top 20
2022-05-11T10:02:24Z
May 11, 2022

The ASA model is very important here.


Does the ASA has the NGFW features or it's the old legacy FW?


Did you do the proper sizing for the FG, to decide this is the suitable model?


What I expect, you have an old legacy FW (Cisco ASA) and you want to replace it with NGFW. If so, I recommend this step, but my concern is to take care of the sizing calculation, since the performance in a Cisco firewall is slightly better.

Find out what your peers are saying about Cisco Secure Firewall vs. Fortinet FortiGate and other solutions. Updated: January 2023.
672,785 professionals have used our research since 2012.
RB
Networking Security Expert at SR Technologies
User
Top 5
2022-05-11T00:21:21Z
May 11, 2022

Confusing, costs? Cost is an elastic term that with time will determine choices. 


Fortinet is KING!. 


Cisco ASA could not come anywhere near. Not sure reasons for going to ASA, in the first place. 


The Forti OS system and the hardware appliances on most models have custom chips that provide an incredible throughput with lots of protection enabled policies otherwise, like ASA, the CPU would choke very quickly.


All that I can say is that you cannot go wrong with a FortiGate appliance. Simple as that.

Bijo Abraham - PeerSpot reviewer
Technical Consultant | Network and Security at Interconnect Consulting Limited
User
2022-05-09T23:48:46Z
May 9, 2022

Hi @Isaiah Dominic,


I would think you are upgrading your current ASA which is there for a long time with a NextGen firewall. 


I don’t understand the point of reducing the cost, since ASA is an old product, you wouldn’t be able to compare the prices. In terms of the cyber security and next-generation firewall capabilities, I would suggest looking at products from Palo Alto Networks and compare with FortiGate which price-wise would be better. 


A next-generation firewall is recommended if it is a small, medium or large environment as the cyber-attacks are exponentially high now. I would highly recommend having a look around Palo Alto vs FortiGate comparison and the pros and cons. 


I will leave it up to you and I hope this helps.

Related Questions
FF
User at PT. Manunggal Integrasi Sejahtera
Jan 27, 2023
Hello peers,  I work at a small tech company and am researching firewalls. Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions? Thank you for your help.
See 1 answer
Sandi Tehendi - PeerSpot reviewer
Technical Specialist - Head of Presales at Artha Mitra Interdata
Jan 27, 2023
Hi Fahrorozi,If I have to choose between these two, I will choose FG 1800. Reasons:1. More flexible ports to use from 1G to 40G2. Includes SSL VPN / client VPN for users3. Has better web management than SRX4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).But you need to know what you need for your company.- Maybe you only need a 10G interface instead of a 1G- Maybe you don't need the SSL VPN / Client VPN- You also don't need a large throughput.Hope this helps.
Guillermo Read - PeerSpot reviewer
Advisory Engineer - Telecommunications Solution Design at Claro RD
Jan 20, 2023
Hello community, I am an Advisory Engineer at a large comms services company. I am currently researching Fortinet's firewall solutions. Which Fortinet firewall model is the equivalent of Sophos XG 450? Thank you for your help.
2 out of 3 answers
CR
Director at REDCO
Jan 20, 2023
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.
William Yragui - PeerSpot reviewer
President at infobond
Jan 20, 2023
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones the Sophos XV 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523.  What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F,  has 9 Gbps of threat protection throughput.
Product Comparisons
Download Free Report
Download our FREE report comparing Cisco Secure Firewall and Fortinet FortiGate based on reviews, features, and more! Updated: January 2023.
DOWNLOAD NOW
672,785 professionals have used our research since 2012.