We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."
"A strong point of FortiGate is the graphical interface is complete and easy to use."
"Anti-Spam web content filterinG."
"The security fabric is excellent."
"Customers want to load balance more than eight lines or six internet lines. FortiGate is the only solution that can accomplish this."
"The initial setup is straightforward."
"The most valuable feature of Fortinet FortiGate is URL filtering."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic."
"I like that it is easy to change the settings."
"I like all of the features."
"This solution made our organization more secure and gave us better control."
"An efficient, easy to deploy and dependable firewall solution."
"It is much better than most of the other firewalls that I have worked with."
"The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs."
"Cisco Secure Firewall's security solutions, advanced malware protection, and DDoS communication are very good."
"The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box."
"Improved service performance and availability through redundancy."
"pfSense helped us during COVID-19 because we used OpenVPN to connect from home."
"The VPN is my favorite feature."
"We've found the stability to be very good overall."
"I have found the firewall portion for the blocking most valuable."
"Routing, load balancing, Traffic Limiter and queues. Since this company relies on an Internet connection, having these features is a must."
"The main features of this solution are customization and ease to use."
"The solution could be more secure and stable."
"I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."
"In some cases, its initial setup could be hard for customers."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"The stability of Fortinet FortiGate could improve."
"The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."
"I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic. It's important, and you'll need an additional firewall."
"They need to do an overhaul of the management console."
"I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
"The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance."
"You shouldn't have to use the ASDM to help manage the client."
"As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me."
"Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement."
"ClamAV AntiVirus can cause some crashes. That service should be improved."
"The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe."
"The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve."
"We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized."
"The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time."
"The product must provide integration with other solutions."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.