We performed a comparison between Cisco Secure Firewall and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet Fortigate comes out on top. Its ease of deployment combined with its solid set of features and excellent service and support ratings make it a more desirable solution than Cisco Secure Firewall.
"IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
"Technical support services are excellent."
"Easy to deploy in a working environment between servers and users."
"Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good."
"It is pretty stable. I haven't seen many issues during the past four years."
"Its efficiency and security are the most important. We are more efficient and more secure."
"The most valuable feature is zone segmentation, which we utilize through the Firepower management console."
"The most valuable features are the flexibility and level of security that this solution provides."
"It's very easy to configure."
"Good performance, stability, and virtual domain ability."
"The solution is very easy to understand. It's not overly complex."
"I like Fortinet's cloud management. It allows me to manage all my devices in different branches for three cloud accounts. Even though I use on-prem devices, I can manage everything on the cloud."
"The SD-WAN is the most valuable feature."
"The solution is stable."
"I like how we can achieve total integration."
"The interface is very user-friendly and I like it very much."
"The product would be improved if the GUI could be brought into the 21st Century."
"It would be great if some of the load times were faster."
"I would like for them to develop better integration with other security platforms."
"It could also use a reporting dashboard."
"We are Cisco partners, and when we recommend Cisco FirePower to customers, they always think that FirePower is bad. For a single installation of FirePower, if I have to write about 18 tickets to Cisco, it's a big problem. There was an issue was related to Azure. We had Active Directory in Azure. The clients had to connect to FirePower through Azure. We had a lot of group policies. After two group policies, we had to make groups in Azure, and they had to sign in and sign back. It was a triple-layer authentication, and there was a big problem, so we didn't use it."
"I don't have any specific improvements to recommend. However, when you compare the throughput of a Cisco firewall to the competitors, especially Fortinet, what you find is that Cisco has lagged a little bit behind in terms of firewall throughput, especially for the price that you pay for that throughput."
"I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
"Cisco ASA is not a next-generation firewall product."
"There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering."
"I feel that the reporting needs to be improved."
"Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility."
"Lacks training for new features."
"Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing."
Cisco Secure Firewall is ranked 4th in Firewalls with 112 reviews while Fortinet FortiGate is ranked 2nd in Firewalls with 67 reviews. Cisco Secure Firewall is rated 8.2, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco Secure Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". On the other hand, the top reviewer of Fortinet FortiGate writes "Efficient, user-friendly, and affordable". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall, whereas Fortinet FortiGate is most compared with Sophos XG, Netgate pfSense, Meraki MX, Check Point NGFW and WatchGuard Firebox. See our Cisco Secure Firewall vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.