We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
"The most valuable features of Fortinet FortiGate are the different types of profiling. It has been the most effective for me. The WAF and the antivirus profile are the most effective in network protection."
"The solution has very good threat and content filtering switches."
"We are using the FortiGate 100D series. VPN, firewall, anti-malware, OTM, and intrusion prevention are useful features."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"The stability of the solution is excellent, as it is with other Fortinet products."
"The most valuable feature is the web filter."
"The most valuable feature of Fortinet FortiGate is the simple configuration."
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"It is extremely stable I would say — at least after you deploy it."
"It joins all branches and permits employees to work outside their offices, but everything is based on high securities standards (PCI compliance)."
"This solution has good security, and it's a good product. You can trust Cisco, and there's support as well, which is really good."
"The clusters in data centers are great."
"It's a flexible solution and is well-known in the community."
"The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall."
"The most valuable feature is the access control list (ACL)."
"Sophos Intercept X is scalable. Currently, we have almost 30 people using it in our company."
"This solution has helped our organization by protecting our network from attacks."
"A free firewall that is a good network security appliance."
"I especially like the VPN part. It works like a charm."
"Easy to deploy and easy to use."
"I mostly like all of it. Whatever we use is valuable."
"I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices."
"At our peak time, we have reached more than 5,000 concurrent connections."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"Some of the software stability could improve."
"At first glance, the interface for the device is very confusing."
"The Wi-Fi controller needs a lot of improvement."
"The support costs and licensing are sometimes so expensive."
"The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment."
"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"Integration aspects and traffic shaping need improvement."
"The stability is not the best."
"A feature that would allow me to load balance among multiple ISPs, especially since we have deployed it as a perimeter firewall, would be a great addition."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice."
"Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"Web interface could be enhanced and more user friendly."
"It would be great to add more to security."
"pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function."
"This product needs improvements with respect to reporting and auditing."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"Many people have problems setting up the web cache for the web system."
"Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense."
"Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.