We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to use. We chose this product for the possibility to have virtual domains (VDOMs). We are building another company in the group, and we would like to split the firewalling rules and policies between these two companies. Each company would be able to manage its own policies and security rules, which is an advantage of Fortinet FortiGate. We can define VDOMs, and every company can manage its own VDOM as if it has its own physical firewall, but in fact, we would be using the same physical appliance because we are also using the same internet lines. So, it allows us to reuse the existing resources without the disadvantage of having to compromise on policies and security. Each company can choose its own way of working."
"The flexibility and ease of configuration are the most valuable features."
"The pricing is excellent. It's much less expensive than Cisco."
"This is an easy solution to deploy."
"We can use our devices to check all of the perimeters. It secures email websites."
"Fortigate is very scalable to serve our customers' needs. We have scaled already from fifty to more than a hundred instances of Fortinet FortiGate. Around 20 staff are required for deployment and maintenance, mostly engineers."
"A strong point of FortiGate is the graphical interface is complete and easy to use."
"The next-generation firewall is great."
"The best features are stability and scalability."
"This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization."
"It's a flexible solution and is well-known in the community."
"The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network."
"I think Cisco ASA Firewall is the most stable firewall solution."
"It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go."
"They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"It has the ability to create Palo Alto VM-series using software."
"The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
"In Palo Alto the most important feature is the App-ID."
"The most valuable feature is the CLI."
"It is an easy-to-scale product."
"It scales linearly with load and no issues."
"The filtering feature is good."
"I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it."
"The logging details need to be improved."
"Price, of course, can always be more competitive or better."
"There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files."
"They need to improve their technical support."
"There are some tiny bugs that sometimes affect the operations. In the past revision of it, there was a bug. Because of the bug, we had to downgrade the version. It happened only with the last revision."
"Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why."
"While FortiGate is cheaper than most other solutions, we're seeing increased license renewal costs. Most of our clients are asking for more significant discounts because the price is going up."
"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."
"The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."
"The software was very buggy, to the point it had to be removed."
"I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."
"In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial."
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."
"It would be great if some of the load times were faster."
"Integrative capabilities with other solutions should be addressed."
"The DLP functionality or data classification can be improved in the solution's basic firewalling."
"We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID."
"The product could be better in terms of performance than one of its competitors."
"In the next release, I would like to see better integration of multi-factor authentication vendors."
"The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security."
"It has to be more scalable for the deployment of VMs on the cloud."
"The only minor issue we've faced is with the app's ID configuration, which requires specific matching for application filtering."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 53 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).