We performed a comparison between Cisco Secure Firewall and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Fortinet Fortigate comes out on top. Its ease of deployment combined with its solid set of features and excellent service and support ratings make it a more desirable solution than Cisco Secure Firewall.
"The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
"Cisco tech is always good and helpful. I would rate them as 10 out of 10."
"I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall."
"The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."
"Stability, high availability of services, and very high MTBU were the most valuable features for me."
"If only a Layer 4 FW is needed, this is a good solution."
"The initial setup was not complex."
"Sourcefire has been a great addition. The visibility and control have been nice."
"The stability of the solution is excellent, as it is with other Fortinet products."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"It's very good and very stable for businesses. It works very well."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"It's inexpensive compared to some of the other technology out there."
"All of the features of Fortinet FortiGate are useful and the security protection is good."
"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"The pricing is a bit high."
"I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."
"<p>If there is old hardware, or appliances, it does not necessarily work with the new Cisco generation firewalls."
"The ASA needs to incorporate the different modules you have to integrate to achieve UTM functions, especially for small businesses."
"Other firewalls, upgrading is a very easy task; from the graphical user interface, you just need to import the firmware versions into it and install it. In this firewall, you need to have a third-party solution in both. It's a process. It's a procedure, a hard procedure, actually, so there is no straightforward procedure for upgrading."
"A memory leakage issue which literally freeze the nodes (we have an HA environment). The issue is still not solved and the only recommendation from Cisco is to reboot the node."
"Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help."
"UTM features would be nice or some NextGen features."
"I think there could be more QoS features"
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"The cloud features can be improved."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
Cisco Secure Firewall is ranked 4th in Firewalls with 112 reviews while Fortinet FortiGate is ranked 2nd in Firewalls with 67 reviews. Cisco Secure Firewall is rated 8.2, while Fortinet FortiGate is rated 8.4. The top reviewer of Cisco Secure Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". On the other hand, the top reviewer of Fortinet FortiGate writes "Efficient, user-friendly, and affordable". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall, whereas Fortinet FortiGate is most compared with Sophos XG, Netgate pfSense, Meraki MX, Check Point NGFW and WatchGuard Firebox. See our Cisco Secure Firewall vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.