2017-03-23T05:17:00Z

Cisco Firepower vs. FortiGate

it_user633084 - PeerSpot reviewer
PeerSpot user

17 Answers

AL
Real User
2017-03-27T16:13:00Z
Mar 27, 2017

The short answer is it depends on what you are looking for.

FortiGates are great devices. They offer lots of features, a decent and friendly UI and overall good performance, and they do it cheaper than most others. Security features and UTM are pretty good too. However, from my experience, beware of dimensioning: if you're planning to activate several of the features a FG supports (AV, IPS, WLAN Controller and such), performance can drop substantially and cause all kinds of failures, so it might be a good idea to over-dimension your hardware a bit to avoid issues.

On the other hand, I've found Cisco to be the most stable and reliable, and offer better performance of the two. They also offer better protection and Cisco Support is the best IMO. However the prices of Cisco are often higher than other vendors. ASAs are more complex so there will be a steeper learning curve for you to get going with these and the GUI (ASDM) is lacking compared to others so knowing (and loving) the CLI is a must.

In summary, go Fortinet if you're looking for decent performance, great security and easy administration at lower prices. Go Cisco if you require better security, performance and reliability, and don't mind paying a little extra and spending a few more hours learning to handle them.

Hope this helps. Regards.

it_user635763 - PeerSpot reviewer
Consultant
2017-03-27T18:02:42Z
Mar 27, 2017

With a fraction of the cost, the FortiGate3600C vs. Cisco ASA5585-XSSP60 is an example of how Fortinet beats Cisco in price/performance, capacity and overall security.

it_user635715 - PeerSpot reviewer
Consultant
2017-03-27T16:45:00Z
Mar 27, 2017

To answer your question, let me ask a question first. What's your main target? Security first or Money First? In my point of view and based on my real experience:
- Fortinet is good if you need an appliance with many features such as: antispam, antivirus, URL filtering, app control, firewall. It's an all-in-one solution --> Fortinet is easy to use and maintain. But its performance is not as good as shown on the datasheet: if you turn on IPS, the performance decreases by about 40-50%, and so on... I see a few of my customers turn on this feature because of its reliability. For support service, Fortinet's response is poor.

- Cisco Firepower: its performance is good. If you purchase the all-in-one license, you will also have features like URL Filtering, App Control, IPS. The most interesting part is the AMP feature; I think it is better than the Fortinet product. You can view the Gartner report about AMP. Sourcefire has many cool features such as traffic profiling, correlation, remediation, auto discovery (host, application, user). It also has an IPS auto-learning feature that can help to auto-tune and apply appropriate signatures for your application. It also has a DNS security feature (using OpenDNS) to help mitigate botnets, and other features like IP Intelligence, C&C, Phishing, Spam Source... For support service, Cisco is better, with faster response time and also escalation time when your issue is very critical. Forgot to mention, Firepower can do DPI-SSL inspection, and if your infrastructure has F5, it will be better to get SSL Offload to F5 and get packet inspection by Firepower; it's a good combination.

So in conclusion, if you want best in price product, you can choose Cisco. If money is a big problem, Fortinet is a choice. Also, Cisco has many products that can be suitable for your environment (from Firepower 2000 series to 8000 series).

Rgds,
CuongVT

AB
Consultant
2017-10-31T15:28:03Z
Oct 31, 2017

I see a lot of these "vendor vs vendor" questions, when it really should be a question of "solution for this size network from vendor A vs vendor B".

MT
Consultant
2017-10-03T22:52:21Z
Oct 3, 2017

Cisco Next Generation firewalls use behavioral based algorithms to perform deep packet inspection. To be fair, most Next Generation firewalls have the ability to identify malicious traffic patterns. However, Cisco Open DNS is a great way to protect organizations from ransomware, botnets and remote access trojans. The solution is cloud based, scalable and easy to use. Cisco Open DNS blocks access to malicious websites and other compromised systems.

it_user237144 - PeerSpot reviewer
Consultant
2017-03-29T10:55:03Z
Mar 29, 2017

I would recommend Fortigate. It is easier to manage, and the services which are offered as a UTM Bundle for IPS, AV and Anti-Spam are excellent, and it is a layer-7 firewall with very granular control of your network. The diagnose feature, packet capture and troubleshooting features of the Fortigate firewall are also the best. However, Cisco ASA comparatively achieves the IPS functionality through Sourcefire. The upgrade of Sourcefire takes years (the time is pretty long to do the upgrade from one version to another and it is GB sizes for a small upgrade); also, the management and operation is quite a challenge in Cisco Firepower. There is a lot to say about this. My choice of course would be Fortinet.

PS
Real User
2017-03-28T00:00:22Z
Mar 28, 2017

Hi,

It’s tough to give a comparison without knowing what I’m comparing it with. Is there a specific Cisco Firepower model you were looking at?

When it comes to performance between 2 vendors there are always models which can match that of the other given they stay within budget.

Cheers...

it_user418830 - PeerSpot reviewer
Vendor
2017-03-27T22:23:12Z
Mar 27, 2017

Based on Gartner Magic Quadrant and other third party evaluations, Fortinet's Fortigate consistently outperforms Cisco's Firepower. When sizing the box for performance, I would get Fortinet directly involved so you don't accidentally purchase an underpowered firewall.

it_user687783 - PeerSpot reviewer
Consultant
2017-06-20T04:46:14Z
Jun 20, 2017

Fortigate is better...

it_user429021 - PeerSpot reviewer
Vendor
2017-03-29T02:56:35Z
Mar 29, 2017

Fortigate

it_user636051 - PeerSpot reviewer
Consultant
2017-03-28T07:04:33Z
Mar 28, 2017

Cisco is better on performance because it uses the physical CPU, whereas Fortinet uses ASIC.

NS
Consultant
2017-03-28T01:59:25Z
Mar 28, 2017

Which models of Fortigates and Firepower? If the throughput and performance for the features used are comparable, then it also depends on how the features are used. Using all the UTM features on all traffic/all policies will slow down the performance to some extent.
Fortigates are good with a number of features enabled at the same time, on most of the traffic. Try avoiding unwanted UTM profiles on trusted traffic (e.g. any inter-server traffic streams) to improve the overall performance of the box.

it_user479130 - PeerSpot reviewer
MSP
2017-03-27T22:33:47Z
Mar 27, 2017

I think you would have to state what your goals in asking for a solution are; if neither meets your requirements then 'better' is a moot point. Understanding what you want from a solution should tell you which solution best meets your business requirements.

it_user494214 - PeerSpot reviewer
Real User
2017-03-27T17:45:24Z
Mar 27, 2017

Fortinet FortiGate is a better choice looking at performance. FortiGate uses purpose-built security processors, drastically boosting performance and scalability to enable the fastest network security appliance. FortiGate uses FortiAsics and these security processors are used to scale from 1 Gbps to 1 Tbps of firewall throughput independent of packet size. This technology offers the ability to run multiple security applications without degradation in performance.

However, if you're planning on using AV, Email Filter, App Ctrl, IPS, WLAN Controller and more, then you should really consider having a rightly specced appliance to prevent performance issues, since IPS demands high processor usage.

it_user188481 - PeerSpot reviewer
Real User
2017-03-27T16:25:50Z
Mar 27, 2017

The Fortigate was built from the ground up as a next gen security device while the ASA adds license features on top of its build to try to keep up with the changing security landscape, with the Firepower purchase being the latest.

Are you comfortable in the CLI? You need to be for any Cisco device.

When it comes to cost, we were able to buy two Fortigates for less than the price of one comparable ASA and setup redundancy.

it_user447369 - PeerSpot reviewer
Vendor
2017-03-27T16:08:50Z
Mar 27, 2017

The ASA is a better overall networking/VPN device trying to improve its security, while the Fortinet is a security device trying to improve its networking. As Firepower develops and improves, I think the ASA will be the better overall solution. Right now, the Fortinet is ahead with more mature overall security features, but is limited with overall networking features.

it_user468345 - PeerSpot reviewer
Vendor
2017-03-27T15:51:49Z
Mar 27, 2017

I think you should look at SonicWALL's new code 6.2.6.1-25n; it is more powerful than its competitors and also can do DPI-SSL, which is the need of the hour. The Content Filtering features are simply phenomenal.
