We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"Fortinet FortiGate's reliability is valuable."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"Customers are more inclined towards FortiGate because of application control, web filtering, and anti-spam features. The support from the FortiGate team is good, and price-wise, it is affordable."
"Fortinet FortiGate appears to be scalable."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"The ability to set up remote systems is the most valuable feature."
"The response is very quick and they can visually resolve our problems in a short period."
"The interface is very user-friendly and I like it very much."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"For our very specific use case, for remote access for VPN, ASAs are very good."
"I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful."
"The solution is used for the protection of the mobile data network. It is protecting 3G/4G Internet customers and the Private APN."
"We definitely feel more secure. We have more control over things going in and out of our network."
"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
"The technical team is always available when we have problems."
"I have found the most valuable feature to be the access control and IPsec VPN."
"I am happy with the EPLS, the radius, and I am happy with the captive portal."
"An incomparable stability is achieved with other firewall systems."
"The initial setup is straightforward."
"The redundancy and scalability ARE very nice."
"The initial setup is easy."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor."
"The solution is very easy to use and has a very nice GUI."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"FortiGate is really good. We have been using it for quite some time. Initially, when we started off, we had around 70 plus devices of FortiGate, but then Check Point and Palo Alto took over the place. From the product perspective, there are no issues, but from the account perspective, we have had issues. Fortinet's presence in our company is very less. I don't see any Fortinet account managers talking to us, and that presence has diluted in the last two and a half or three years. We have close to 1,500 firewalls. Out of these, 60% of firewalls are from Palo Alto, and a few firewalls are from Check Point. FortiGate firewalls are very less now. It is not because of the product; it is because of the relationship. I don't think they had a good relationship with us, and there was some kind of disconnect for a very long time. The relationship between their accounts team and my leadership team seems to be the reason for phasing out FortiGate."
"Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area."
"I would suggest that Fortinet add sandboxing to their solution."
"It needs more available central management."
"The feature which gives us a lot of pain is ASIC architecture."
"The solution is very expensive."
"The stability of Fortinet FortiGate could improve."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"The Cisco Secure Firewall could benefit from enhancements in its API, documentation, and automation tools."
"The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice."
"The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."
"They need to do an overhaul of the management console."
"It could use a web-based portal for VPN. Earlier they had it in the ASA model, but currently they don't have it."
"Integration aspects and traffic shaping need improvement."
"I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic. It's important, and you'll need an additional firewall."
"Web interface could be enhanced and more user friendly."
"I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution."
"The product must provide integration with other solutions."
"The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time."
"The solution could use better reporting. They need to offer more of it in general. Right now, the graphics aren't the best. If you need to provide a report to a manager, for example, it doesn't look great. They need to make it easier to understand and give users the ability to customize them."
"It would be great to add more to security."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.