We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This solution made it very easy to manage our bandwidth."
"I have found Fortinet FortiGate to be scalable."
"I like that they have given me a solution at a fair price."
"What's most important is the ease of use."
"The solution is very easy to understand. It's not overly complex."
"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"Initial setup is straightforward. There weren't too many issues with setting it up. It takes one hour or so."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The most valuable feature is the access control list (ACL)."
"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
"It is easy to create interfaces and routing, which all can be done at the GUI level."
"With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
"They are easy to maintain."
"All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It has been a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms."
"We chose Cisco because it had the full package that we were looking for."
"The stability is very good; there's no vagueness. Either it works or it doesn't, and it's also very easy to find out why."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications."
"It has the ability to create Palo Alto VM-series using software."
"The most valuable feature is the CLI."
"The initial setup was straightforward."
"We can monitor the traffic manually and detect threats. Additionally, we can block different IP addresses and URLs."
"A solid operating system with all the necessary data center security features."
"NGN, reporting and controls."
"The logs need to be better. They need to be more visible and easier to access."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."
"A sandbox would be good in order to be able to inspect the emails containing spam and be able to validate the emails that contain malware, prior to delivering to the customer."
"The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices."
"They should offer special pricing to premium partners and customers."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"The GUI interface could be improved when compared to other solutions."
"Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it."
"Cisco is still catching up with its Firepower Next-Generation firewalls."
"For what we use it for, it ends up being the perfect product for us, but it would help if they could expand it into some of the other areas and other use cases working with speeding up and the reliability of the pushes from the policy manager."
"Maybe the dashboard could be a bit better."
"Cisco suffers from some integration issues with other products... There is a problem with the Cisco Catalyst Switches in terms of assembling bursts and having them interact properly with the Cisco Firepower."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part."
"The interface is all Java-based. I would prefer an HTML5 interface."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"Just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java."
"In the next release, I would like to see better integration between the endpoints and the firewalls."
"We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple."
"The solution needs to improve its visibility. It's not straightforward to use. Understanding the policies, authorizations, and initializing features requires careful review. The product needs to offer proper training."
"Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).