We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"Fortinet FortiGate's ease of management is the most valuable feature."
"In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable."
"The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup."
"Our security improved from being able to put in rules and close off unwanted traffic."
"The pipe filter application is an outstanding feature."
"It is simple to manage, and there are a lot of functionalities in the same box."
"The solution is very user-friendly."
"The most valuable feature is the web filter."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"Filtering is the best feature."
"Collaboration with other Cisco products such as ISE and others is the most valuable feature."
"ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall."
"Stability, high availability of services, and very high MTBU were the most valuable features for me."
"Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users."
"The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
"ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security."
"It has a good web cache. I used to use a DHCP server and DNS server. For my company, I use pfSense as a load balancing application."
"pfSense allows us to spread the hours of connection and do the filtering on the pfSense site."
"At our peak time, we have reached more than 5,000 concurrent connections."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"A valuable feature is that the solution is open source."
"This solution has increased the level of security, given us more control, provided a deep insight into network traffic, and is a great VPN solution."
"The concurrent users are perfect for us."
"Content protection, content inspection, and the application level firewall."
"Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"We would like to see better pricing."
"The solution is very expensive."
"There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files."
"The non-error conserve mode has room for improvement."
"The pricing could always be better."
"I feel that the reporting needs to be improved."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"Cisco Secure Firewall should be easier to handle. It uses ASDM, which is not easy to understand. It would be better if there was direct access via HTTPS."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"I have a lot of difficulties with the solution's Firewall Management Center (FMC) and the GUI. Neither is responsive enough and should be improved."
"Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower."
"It is expensive."
"The usability of Cisco Firepower Threat Defense is an issue. The product is still under development, and the user interface is very difficult to deal with."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters."
"Improve analysis of logs and dashboards (control panel) with improved alert functionality."
"Netgate pfSense needs to improve the configuration for a VPN."
"It could use a little bit of improvement in the reporting."
"The solution’s interface must be improved."
"The solution requires a lot of administration."
"It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown."
"Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Sophos UTM and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.