We performed a comparison between Cisco Secure Firewall and Fortinet FortiGate-VM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cisco Secure Firewall provides important functionalities like protection against threats, visibility into applications, efficient problem-solving, compatibility with other Cisco offerings, and impressive data transfer rates. Fortinet FortiGate-VM stands out for its robust security features, geofencing capabilities, user-friendly interface, and ability to adapt to varying needs.
The reviews highlight various areas where both the Cisco Secure Firewall and the Fortinet FortiGate-VM need improvement, including network performance, policy administration, customization options, centralized management, logging functionality, public cloud functionality, cloud management, technical support, MFA offerings, web filtering options, application inspection, GUI features, availability and delivery, setup process, data center clustering, throughput enhancement, web application firewall integration, integration simplicity, policy customization, and web-filtering configuration improvement.
Service and Support: The opinions on customer service for Cisco Secure Firewall are divided, with some customers appreciating their technical support, while others express concerns about delays and difficulties. Fortinet FortiGate-VM receives mixed reviews, with some satisfied customers and others suggesting that their support could be improved.
Ease of Deployment: The setup process for Cisco Secure Firewall can be more complex depending on the user's familiarity and environment, while Fortinet FortiGate-VM offers a generally straightforward and easy initial setup, with assistance provided by Fortinet.
Pricing: The cost of setting up Cisco Secure Firewall can vary, and some reviewers find it pricey due to additional expenses for licensing, support, and hardware. Fortinet FortiGate-VM is seen as competitive and more affordable than certain alternatives. It provides flexible pricing options and includes support for entitlement in the licensing fees. However, costs may rise when scaling or adding extra features.
ROI: Cisco Secure Firewall offers different levels of ROI depending on how it is used and the overall system design, whereas Fortinet FortiGate-VM delivers enhanced security and stability, potentially resulting in ROI.
Comparison Results: Fortinet FortiGate-VM is the preferred choice when comparing it to Cisco Secure Firewall. Users find the initial setup of Fortinet FortiGate-VM to be straightforward and easy. Fortinet FortiGate-VM is highly praised for its strong security features, user-friendly interface, and easy deployment.
"The scalability is good in Fortinet FortiGate."
"A strong point of FortiGate is the graphical interface is complete and easy to use."
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"The pipe filter application is an outstanding feature."
"With FortiClient, you can easily connect when you are home, check out what you want to do, and connect to your network when you are not at work. You can switch on servers and you can check what is wrong."
"We are very happy with the general bandwidth agility we have seen from one website to another website."
"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA."
"Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often."
"It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go."
"Its in-depth monitoring and analysis help us to make better decisions and policies."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution."
"The TAC is always very helpful. We pay for Tier 1 support, so we get whatever we need from them. They always give us a solution. If they can't give us an answer that day, they get back to us within at least 24 hours with a solution or fix. I have never had a problem with the TAC. I would rate them as 10 out of 10."
"Because of the deeper inspection it provides we have better security and sections that allow users broader access."
"It's very easy to set up, even for more junior developers."
"I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices."
"The web GUI is easy to use."
"We like FortiGate-VM's IPS features and its ability to create multiple virtual firewalls."
"The EPM bundle is a good feature."
"It provides an ease of management and configuration as well."
"In terms of specific features, I like FortiGate's load balancing, interface, and priority on the network."
"We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"I would like to see improvements in the product's application rules."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"While this applies to all vendors, pricing can be always lower. In my opinion, Cisco is the most expensive. The pricing can be reduced."
"We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it."
"The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes."
"The product crashes. We have a cluster of firewalls and we regularly get failovers."
"I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available."
"I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"Critical bugs need to be addressed before releasing the version."
"The GUI could be improved."
"To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall."
"The biggest area for improvement is storage configuration. It could be smoother."
"Some issues with connecting to the VPN from home after firmware updates."
"The users must buy FortiSIEM to get advanced analytics."
"The costs could be lowered."
"We face some issues with the IPsec connection during replication."
"There should be a bit more automation."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Fortinet FortiGate-VM is ranked 9th in Firewalls with 113 reviews. Cisco Secure Firewall is rated 8.2, while Fortinet FortiGate-VM is rated 8.4. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Fortinet FortiGate-VM writes "An easy-to-manage and configure tool that provides ample documentation to help with the setup phase". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Fortinet FortiGate-VM is most compared with Azure Firewall, Palo Alto Networks VM-Series, Fortinet FortiOS, OPNsense and Netgate pfSense. See our Cisco Secure Firewall vs. Fortinet FortiGate-VM report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.