We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"It's very easy to configure."
"The reporting you receive out of this appliance is excellent. You will not need an external management system."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability."
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"We use the filtering feature the most. It has filtering and inbuilt securities. We can create customized rules to define which users can access a particular type of site. We can create policies inside the firewall."
"Their interface is very easy to use, it is without bugs."
"It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware."
"For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world."
"It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing."
"The grouping of the solutions helps save time. If you have a problem and you have a high-level overview of the system, you can easily dig deeper into the problem. For example, I can check to see why ASA isn't working but the reason for the outage is actually because of Duo. I can spend a lot of time working in the wrong direction because I didn't have an overview."
"It is a very user-friendly product."
"Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial."
"The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
"The stability is very good; there's no vagueness. Either it works or it doesn't, and it's also very easy to find out why."
"The GUI is among the most valuable features,"
"I can manage it easily by myself."
"The initial setup was simple and fast."
"Easy to deploy and easy to use."
"Is good at blocking IP addresses."
"We've found the stability to be very good overall."
"Its reliability and cost-effectiveness stand out."
"The gain in performance and security from configuring the VPN connections was significant."
"The redundancy and scalability ARE very nice."
"They should improve the interface to make it more user-friendly."
"We'd like more management across other integrations."
"Its price could be better."
"NGN, reporting and controls."
"I would like to see improvements made to the dashboard and UI, as well as to the reporting."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"In some cases, its initial setup could be hard for customers."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
"I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available."
"You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."
"The process of procuring modern-day technology within the DOD needs to improve."
"One feature lacking is superior anti-virus protection, which must be added."
"We wanted to integrate Firepower with our solution, but it didn't have the capability to accommodate our bandwidth since they only had two 10 gig interfaces on the box. We run way more than that through our network because we are a service provider, providing Internet to our customers."
"Cisco Secure Firewall's integration with cloud providers has room for improvement. We could do more in terms of integration, for example, if we had a tag on an instance."
"Perhaps the documentation is not clear and because it is supported in the community there is no basic documentation."
"Ultimately, we'd like something stronger, and something that can handle threats better in real-time."
"The integration could be improved."
"If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use."
"They can improve the dynamic of the input of IPs from outside."
"More documentation would be great, especially on new features because sometimes, when new features come out, you don't get to understand them right off the bat. You have to really spend a lot of time understanding them. So, more documentation would be awesome."
"Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."
"As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.