We performed a comparison between Cisco Secure Firewall vs Palo Alto Network Wildfire based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, with all other factors being more or less equal, Cisco Secure Firewall comes in a bit ahead of Palo Alto simply because of their stronger support.
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"The interface is very good."
"The most important features with FortiGate are the web filter and application controls. We can control our internet usage and use the web filter for application purposes."
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"The solution is very user-friendly."
"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."
"Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
"Security, SD-WAN, and Streetscape are valuable features."
"The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic."
"It makes it very easy to have delineated roles and responsibilities between network engineering and network security."
"The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
"It's a flexible solution."
"Filtering is the best feature."
"Network segmentation is the most valuable feature."
"A good intrusion prevention system and filtering."
"The most valuable feature is zone segmentation, which we utilize through the Firepower management console."
"It is the best device in comparison to other network products in the marketplace."
"The solution is scalable."
"For example, if a security Intel threat talks about an IOC. We can then go to our MSP and say, "Is there a signature for this particular type of malware that just came out?" And if they'll say yes, then we'll say, "Okay. Does it apply to these firewalls? And have we seen any hits on it?" There's absolutely value in it."
"It catches modified signatures of known viruses."
"Being an application-based firewall, this is one of the critical focus factors along with the threat prevention services it provides."
"You have better control because you define apps. You just don't define ports. You define apps, and the apps are monitored in the traffic. It is more specific than the Cisco firewall when it comes to our needs."
"Stability-wise, I rate the solution a ten out of ten since we never faced any issues."
"It is a stable solution...It is a scalable solution."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"There could be more integration between the logging and analytical platforms to make it more seamless and integrated."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"The support is the main thing that needs to be improved."
"The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility."
"Deploying configurations takes longer than it should."
"The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."
"We have encountered problems when implementing new signatures and new versions on our firewall. Sometimes, there is a short outage of our services, and we have not been able to understand what's going on. This is an area for improvement, and it would be good to have a way to monitor and understand why there is an outage."
"We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it."
"Cisco is not cheap, however, it is worth investing in these technologies."
"I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."
"If you need to reschedule a call with the support team when you face a new issue with the product, then it may get a bit of a problem to get a hold of someone from the support team of Cisco."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"Palo Alto Networks WildFire could improve by adding support for manual submission of suspicious files and URLs. Additionally, it would be an advantage to add rule-based analysis. Currently, it uses only static and AI. We need to be able to analyze archive files."
"Management and web filtering can be improved. There should also be better reporting, particularly around web filtering."
"Our main concern is that everything has to be synced with the WildFire Cloud and has to be checked through the subscription."
"The initial setup was complex."
"I would like to see them continue on their developmental roadmap for the product."
"The deployment model could be better."
"The price could be better."
"Other vendors have some sort of bandwidth management built into the firewall itself and Palo Alto is missing that."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks WildFire is ranked 3rd in Advanced Threat Protection (ATP) with 58 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks WildFire is rated 8.4. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Good technical support and provides automatic analysis that saves us time in filtering email". Cisco Secure Firewall is most compared with Netgate pfSense, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Check Point NGFW, whereas Palo Alto Networks WildFire is most compared with Juniper SRX Series Firewall, Proofpoint Email Protection, Fortinet FortiSandbox, Check Point SandBlast Network and Zscaler Internet Access.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.