We just raised a $30M Series A: Read our story

Compare Cisco ASA Firewall vs. Palo Alto Networks VM-Series

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
554,586 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The most valuable features of this solution are the integrations and IPS throughput.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""The most valuable feature is the access control list (ACL)."

More Cisco Firepower NGFW Firewall Pros »

"On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.""Unfortunately in Cisco, only the hardware was good.""It is extremely stable I would say — at least after you deploy it.""Cisco ASA provides us with very good application visibility and control.""If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.""The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.""It's a flexible solution and is well-known in the community.""I have found the stability of this solution really good. This is why I use it."

More Cisco ASA Firewall Pros »

"The feature that I have found the most useful is that it meets all our requirements technically.""The initial setup was straightforward.""The interface with Panorama makes it very easy to use.""It has excellent scalability.""The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions.""The most valuable features are the User ID, URL filtering, and application filtering.""The most valuable feature is the Posture Assessment.""The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."

More Palo Alto Networks VM-Series Pros »

Cons
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""Deploying configurations takes longer than it should.""The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.""The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.""An area of improvement for this solution is the console visualization.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."

More Cisco Firepower NGFW Firewall Cons »

"I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.""The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us.""If the implementation was easier, it would be a lot better for us.""It is hard to collaborate with our filtered environment.""The solution needs to have better logging features.""I have worked with the new FTD models and they have more features than the ASA line.""In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all.""It doesn't have Layer 7 security."

More Cisco ASA Firewall Cons »

"The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway.""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""In the next release, I would like to see better integration between the endpoints and the firewalls.""It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.""The implementation should be simplified.""In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has.""There should be an option for direct integration with the Azure platform.""The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries."

More Palo Alto Networks VM-Series Cons »

Pricing and Cost Advice
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today.""The price is comparable.""This product is expensive.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""The solution was chosen because of its price compared to other similar solutions.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"Its price is moderate. It is not too expensive.""I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA. Our clients are also very satisfied with its licensing model.""The product cost is a little high. It is a little bit on the high side, and it should be a little bit cost-friendly.""This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment.""When we bought it, it was really expensive. I'm not aware of the current pricing. We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license.""It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco.""We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.""When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active."

More Cisco ASA Firewall Pricing and Cost Advice »

"Palo Alto can be as much as two times the price of competing products that have twice the capabilities.""The VM series is licensed annually.""The price of this solution is very high for some parts of Africa, which makes it a challenge.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used.""Because I work for a university and the URL is for the institution, it's a free license for us.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
554,586 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
Top Answer:  Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
Top Answer: When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
Top Answer: The initial setup was straightforward.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Cisco ASA Firewall
Learn more about Palo Alto Networks VM-Series
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Warren Rogers Associates
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm17%
Comms Service Provider13%
Manufacturing Company10%
University6%
VISITORS READING REVIEWS
Comms Service Provider35%
Computer Software Company21%
Government5%
Educational Organization4%
REVIEWERS
Financial Services Firm23%
Government15%
Manufacturing Company15%
Healthcare Company8%
VISITORS READING REVIEWS
Computer Software Company29%
Comms Service Provider19%
Financial Services Firm5%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business35%
Midsize Enterprise26%
Large Enterprise39%
VISITORS READING REVIEWS
Small Business28%
Midsize Enterprise16%
Large Enterprise56%
REVIEWERS
Small Business38%
Midsize Enterprise31%
Large Enterprise31%
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
554,586 professionals have used our research since 2012.

Cisco ASA Firewall is ranked 6th in Firewalls with 62 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Cisco ASA Firewall is rated 8.0, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Juniper SRX and Check Point CloudGuard Network Security, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Juniper SRX, Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls. See our Cisco ASA Firewall vs. Palo Alto Networks VM-Series report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.