We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We use a lot of function on the IPS and it works well for us."
"The most valuable features of Fortinet FortiGate are the APIs. They are the most widely known."
"This version is stable. I don't have any issues with this solution, in our environment, it works well."
"The response is very quick and they can visually resolve our problems in a short period."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The notable features that I have found most valuable are that it includes the antivirus, and also IPS, and even SD-WAN."
"FortiGate has a very strong unified threat management system."
"Their proxy-based inspection is responsive and secure."
"The IP filter configuration for specific political and Static NAT has been most valuable."
"We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"FMC is very good in terms of giving a lot of visibility into what the firewall is seeing, what it's stopping, and what it's letting through. It lets the administrator have a little bit of knowledge of what's coming in or out of the device. It's excellent."
"The implementation is pretty straightforward."
"The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall."
"Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us."
"ASDM provides GUI for configurations. The ASDM has made configuring ASA easy. No need to memorize CLI commands."
"Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The most valuable features are web control and IPS/IDS."
"Palo Alto Networks VM-Series's most valuable feature is the visibility of the environment."
"The most valuable features are security and support."
"The product provides more visibility into our traffic."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using."
"One of the features that I would like to have is to do with endpoint production, it should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not."
"I would like to see better pricing in the next release, as well as a simplification of the installation."
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"Fortigate's hardware capacities could be improved."
"Technical support is good but the response time could be faster."
"Fortinet FortiGate could improve if it had a cloud-managed solution."
"The solution needs to improve its integration with cybersecurity."
"This solution could be more granular and user-friendly."
"One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes."
"I think the ASA layer is thin. It's always Layer 3 or Layer 4 source controller and doesn't control the Layer 7 traffic. It's important, and you'll need an additional firewall."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"Most of the features don't work well, and some features are missing as well."
"Third-party integrations could be improved."
"They need a user-friendly interface that we could easily configure."
"Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."
"We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple."
"It is not very easy to scale up the solution."
"The solution's licensing could be improved, and training should be included before installation."
"The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters."
"The only minor issue we've faced is with the app's ID configuration, which requires specific matching for application filtering."
"I would like to see a more thorough QA process. We have had some difficulties from bugs in releases."
"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part."
"The solution must improve Zero Trust integration and use cases."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 53 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).