We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"It is user friendly, and has all the features you need."
"The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
"Its user interface is good, and it is always working fine."
"We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days."
"One of the valuable features is a standardized OS."
"Provides good firewall security and has great VPN features."
"Whenever we raise a complaint with FortiGate, their response and resolution times are minimal."
"It's an easy solution to set up."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"Collaboration with other Cisco products such as ISE and others is the most valuable feature."
"The most valuable Cisco Secure Firewall features are options, features, and ease of deployment because it's an appliance."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The most important feature is the VPN connection."
"The stability is very good; there's no vagueness. Either it works or it doesn't, and it's also very easy to find out why."
"In the newer version, there are 3850s, all of them are scalable. They fit better into the medium or small businesses."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using."
"What I like about the VM-Series is that you can launch them in a very short time."
"The most valuable feature of the solution is the zero-trust security architecture."
"The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me."
"The most valuable feature is the Posture Assessment."
"I would like some automated custom reporting."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"It is quite new for us, and we need to go more in-depth into the monitoring tools. It provides different features that we need to do what we want. So far, it is okay for us. In terms of improvement, in the future, they can provide a faster implementation of features. Some of the features are first available in other solutions. Fortinet sometimes takes a little bit longer than other solutions, such as Check Point, to implement new features."
"At first glance, the interface for the device is very confusing."
"One area for improvement is the performance on the bandwidth demands for smaller devices, as well as better web filtering."
"Backup can be improved."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down."
"The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet."
"The scalability has room for improvement."
"Cisco is not cheap, however, it is worth investing in these technologies."
"It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."
"We are looking for software taxi capabilities."
"The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters."
"Cisco ASDM is a problem because it is old."
"The overall licensing structure could improve to make the solution better."
"The only minor issue we've faced is with the app's ID configuration, which requires specific matching for application filtering."
"Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos."
"The solution's licensing could be improved, and training should be included before installation."
"Palo Alto Networks VM-Series is a complex product to work with."
"I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."
"Just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"The interface is all Java-based. I would prefer an HTML5 interface."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).