We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It works very well. It has a lot of different functionalities. Its cost is also fine for our customers."
"I like how we can achieve total integration."
"The user interface (UI) is very, very good."
"The GUI is good."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"Its stability is the most valuable."
"Whenever we raise a complaint with FortiGate, their response and resolution times are minimal."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"We are using the Cisco AnyConnect for our end-user VPN with the ASA."
"It is scalable and stable."
"Cisco tech is always good and helpful. I would rate them as 10 out of 10."
"I like that it is easy to change the settings."
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"We found the initial setup to be easy."
"Simple to deploy, stable."
"The solution strengthens our IT posture."
"The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services."
"The most valuable features of the solution are its stability, ease of implementation, ease of operation, and security."
"It has the ability to create Palo Alto VM-series using software."
"It has a good performance which helps you with the stability of your virtual environment."
"I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates."
"The solution enables organizations to enforce policies."
"It gives us the ease that we are secure. We have set up the proper things that help make our data safe."
"There are some complex administration tasks in their administration portal. That needs to be improved."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"Fortinet FortiGate should improve the VPN tokens."
"There are some cloud-based features that could be much more flexible than they currently are."
"You do need some IT knowledge in order to effectively work with the solution."
"There are some license issues. Not every feature must have a separate license. There must be some of kind synergy between the license so we don't have to pay for every individual license that we would like to have."
"Pricing for it is a bit high. It could be cheaper."
"The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices."
"I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs."
"<p>If there is old hardware, or appliances, it does not necessarily work with the new Cisco generation firewalls."
"We have encountered problems when implementing new signatures and new versions on our firewall. Sometimes, there is a short outage of our services, and we have not been able to understand what's going on. This is an area for improvement, and it would be good to have a way to monitor and understand why there is an outage."
"The scalability has room for improvement."
"Cisco wasn't first-to-market with NGFWs... they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better."
"The management of the firewalls could be improved because there are a lot of bugs."
"I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it."
"Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."
"There should be an option for direct integration with the Azure platform."
"Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup."
"The current licensing model can be a sore point as we're paying for features we're not fully utilizing."
"It is not very easy to scale up the solution."
"We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID."
"There are some delays that I have observed when my company communicates with Palo Alto's support engineers."
"They made only a halfhearted attempt to put in DLP (Data Loss Prevention)."
"There is no proper support channel to follow up on cases."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 53 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).