We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"It has improved our security capabilities."
"The email protection and VPN features are the most valuable."
"The most valuable feature of Fortinet FortiGate is security. They are known for efficiency and are on the top of Gartner Quadrant reviews. Fortinet FortiGate has an easy-to-use platform with a good graphical interface. The configuration is simple and the solution provides an overall good layer of security."
"It can expand easily."
"The usage in general is pretty good."
"Our security improved from being able to put in rules and close off unwanted traffic."
"The most important feature, normally for small business customers, is link load balancing."
"The product is very stable, easy to troubleshoot, and configure, so it has reduced the time it takes for support."
"It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The initial setup was completely straightforward."
"Cisco Secure Firewall made it easier so that more than one person can handle things. We are able to have a bigger team that can handle simple tasks and have a smaller team focus on the deep-dive needs."
"At this point, we find that this product has high productivity and high availability and there is no need for improvement."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often."
"Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us."
"The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box."
"Firewall system for small, medium, and large data networks. It allows you to provide security to your environment: DMZ networks, LAN, WAN, etc."
"The most valuable features of pfSense are security, user-friendliness, and helpful online management."
"The solution is fairly scalable when it comes to integrating with other applications and data sets."
"Super easy to manage. Anyone who has been working with firewalls can handle it."
"The redundancy and scalability ARE very nice."
"I have found pfSense to be stable."
"I have found the most valuable features to be antivirus and malware protection."
"You do need some IT knowledge in order to effectively work with the solution."
"They need faster serviceability and more security features."
"It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"The process of configuring firewall rules appears excessively complex."
"It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls."
"The logging details need to be improved."
"I don't like that anything more than very basic reporting is not included."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
"ASDM needs to be able to customize applets."
"Nowadays, nobody is in the office, so I need to figure out how to put the firewall outside. If I could have a centralized firewall that also receives information from external locations, like peoples' home offices, that would help us consolidate everything into one appliance."
"We are replacing ASA with FTD which offers many new features not available using ASA."
"The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them."
"The security features in the URL category need more improvement."
"In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The access control aspect of the product could be improved."
"They can improve the dynamic of the input of IPs from outside."
"There are some bias issues and some intrusions in our network that have to be addressed. So, we're thinking of changing this firewall to something like a professional hardware-enabled firewall."
"A way to clean squid cache from the GUI."
"Perhaps the documentation is not clear and because it is supported in the community there is no basic documentation."
"Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great."
"For the third-party packages, I'd rather have it built-in, like a core feature of pfSense, part of the core model."
"Many people have problems setting up the web cache for the web system."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.