We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very flexible to use."
"The initial setup of Fortinet FortiGate was straightforward."
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall."
"The most valuable feature is the interface, which is very user friendly. We are utilizing most of the features, like content filtering. The firewall is powerful."
"Centralized monitoring, policy management, and virtualized appliances allow us to take control over our public and private infrastructure."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"The customization potential is quite impressive."
"With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful."
"An efficient, easy to deploy and dependable firewall solution."
"Cisco Secure Firewall improved our organization. We have it in every one of our French offices."
"With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
"The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes."
"Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites"
"Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic."
"It offers a single pane of glass for all the different types of installations."
"They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using."
"Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"The solution strengthens our IT posture."
"A solid operating system with all the necessary data center security features."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"The pricing could be a bit better, especially when you consider how they have the most basic offering priced."
"It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and an automated emergency response system."
"Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security."
"Lacks training for new features."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer."
"It is quite new for us, and we need to go more in-depth into the monitoring tools. It provides different features that we need to do what we want. So far, it is okay for us. In terms of improvement, in the future, they can provide a faster implementation of features. Some of the features are first available in other solutions. Fortinet sometimes takes a little bit longer than other solutions, such as Check Point, to implement new features."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause."
"If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges."
"We are replacing ASA with FTD which offers many new features not available using ASA."
"In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all."
"I would like more features in conjunction with other solutions, like Fortinet."
"Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."
"An area of improvement for this solution is the console visualization."
"The phishing emails could be improved."
"The reporting part of the product is an area of concern where improvements are required."
"The user interface could use some improvement."
"Palo Alto Networks VM-Series needs to improve its order process."
"We don't know how it will scale once we start putting more load on it."
"The interface is all Java-based. I would prefer an HTML5 interface."
"The implementation should be simplified."
"It'll help if Palo Alto Networks provided better documentation."
"The web interface is very slow, and it needs to be faster."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).