Compare Cisco Firepower NGFW Firewall vs. Fortinet FortiGate

You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. Fortinet FortiGate and other solutions. Updated: September 2020.
442,517 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

"It is a secure product.""It is scalable and stable.""Cisco ASA is very strong.""It protects our network.""The stability of the product is good.""It is a comprehensive suite and complete package.""The integration and configuration were pretty straightforward.""The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."

More Cisco ASA Firewall Pros »

"The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.""Stability is perfect. I haven't had any problems.""We chose Cisco because it had the full package that we were looking for.""Because of the deeper inspection it provides we have better security and sections that allow users broader access.""An eight because it's a good security solution. It's more mature than its competitors.""Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.""I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.""The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly."

More Cisco Firepower NGFW Firewall Pros »

"The most valuable feature is the policy routing and application control.""The response is very quick and they can visually resolve our problems in a short period.""It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware.""It performs very well.""It has very easy management and an amazing ETM configuration.""I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over.""It has improved our security capabilities.""It is a good source for firewall protection."

More Fortinet FortiGate Pros »

"It is not easy to configure.""The scalability is a bit limiting, to be honest. In terms of when you look to changing landscape in terms of threats, I think to me, my personal it's a bit limiting.""Tech support could not answer all of our questions. I had to do research on the web to solve my issues.""Migration with other appliances is not easy. It has to be done manually, and this takes a long time.""The pricing is a bit high.""Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on.""Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version.""The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."

More Cisco ASA Firewall Cons »

"The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet.""I would like for them to develop better integration with other security platforms.""The stability and the product features have to really be worked on.""Cisco should redo their website so it's actually usable in a faster way.""The security features in the URL category need more improvement.""One feature lacking is superior anti-virus protection, which must be added.""Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.""I would like to see the inclusion of more advanced antivirus features in the next release of this solution."

More Cisco Firepower NGFW Firewall Cons »

"The UI could be improved.""The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it'd be great.""I think the only issue that needs improvement is the interface.""I would like to see more advanced developments of a wireless controller in the future.""A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve.""There were quite a few problems with the stability of the system.""The UTM filtering needs improvement.""The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us."

More Fortinet FortiGate Cons »

Pricing and Cost Advice
"The cost is a bit higher than other competitive solutions on the market.""It is considered on the "high end" of the spectrum.""Cisco recently has become very expensive.""The cost is a bit high compared to other solutions in the market.""Purchasing from the AWS Marketplace was easy. It was just point and click.""It is pay-as-you-go, so it much cheaper than buying in the plants.""Our individual release cycle has been quicker because the entire development and testing environment has been automated because of these virtual instances. It has aligned our development workflow. This is where we have seen the ROI increase.""With the Cisco ASA, you do get what you pay for. What would really be awesome is to see Cisco blow out a real cheap version where you can use the sandbox, but leave it step-wise and go to another product relatively easily, like getting you hooked on candy."

More Cisco ASA Firewall Pricing and Cost Advice »

"Based on the services that you will get, especially the AMP license, the price is very reasonable.""It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.""The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.""The price of this solution is not good or bad.""The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...""Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.""Cisco's pricing is high, at times, for what they provide.""The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"The beauty is the price performance ratio is great with FortiGate. It provides all the features we needed and the price is comparable with others' firewalls. The price is quite competitive with the firewalls with similar features.""The price, in comparison to other products is very cheap.""The pricing is perfect.""We find the most valuable aspect of this solution is the price. It is affordable, and cheaper than other firewalls.""It is an inexpensive solution.""It is cost-effective, and provides a good value for your money. The pricing, and license renewal, is very reasonable for us.""They need to be competitive with other solutions.""It is a good product from a price perspective versus functionality."

More Fortinet FortiGate Pricing and Cost Advice »

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
442,517 professionals have used our research since 2012.
Answers from the Community
Mostafa Nageh
author avatarPaul Friend

We are partners for both products and as a security practice, we recommend Fortinet over Cisco for security. Fortinet offers improved security efficacy, performance, and cost. Cisco has dropped off badly in analysts' reports recently and we hardly see them in serious security conversations on this side of the world.

author avatarTodd Ellis
Real User

The FortiGate is a good firewall for the price. Out of the box, it runs great. As time progresses, nine months/one year into the updates it isn't running as well. I think overall is it still okay for the most part. Price is big for many customers and the FortiGate is a good value. The Cisco FTD or ASA w/Firepower is also a good firewall. The FTD has quite a bit of compute and resources. The Snort engine does a good job of identifying traffic and flagging traffic that needs more analysis. The ASA functions run as virtual on the ASA as Lina. So all your Site-to Site VPN and Anyconnect work from this side of the firewall. The ASA with Firepower is almost a legacy firewall that isn't as fast as the FTD but it still gets the job done. Unless you need the legacy connections I would go the FTD route. The ASA architecture of hardware is going the route of the FTD. Once the Anyconnect was added to FTD it is the way to go. The real value comes in the integration with all the other Cisco products. Umbrella, AMP4Endpoint, ISE, Stealthwatch, and Cloudlock, all integrate directly with the Cisco Firepower NGFW to give you visibility with Cisco Threat Response. Honestly, with the right API, you can get the same integration with the FortiGate. I would say that with the right ordering schedule you can get a bundled package that is pretty price competitive.

Another consideration is what are you replacing when you are putting this firewall in? Make sure that you are getting the right throughput solution that can handle the traffic. Cisco CDO makes migration fairly easy if you are migrating old ASAs. If you are replacing a FortiGate it might be best to stay in that direction.

If you are going to be managing all of these firewalls and keeping them updated I would not hesitate to go the Cisco FTD route. Using Cisco Threat Response operationalizes security management.

author avatarDavid Hartt
Real User

Firepower requires significant systems to suit adjacent to an ASA to support IPS and other aspects of the solution. FortiGate does not require a significant investment in systems and offers a number of cloud-based options to move to a near turn-key solution. In addition, VPN implementation and other tools and instrumentation fit well within a comprehensive compliance solution including various scanners.

In my opinion, the entry price point for the two solutions and the ongoing manageability of the platform tips the scale heavily in Fortinet’s corner. I tend to prefer systems that appear in Gartner’s upper right quadrant and in my opinion, Cisco has to play significant “catch up” and have significantly improved in the last 24 months but they are still behind.

author avatarJunedh Rehman

FortiGate interface and features are easier to set up and manage

author avatarMelvynLee
Real User

Regretfully, I have no in-hand experience on either specific firewall.

I can only comment that Fortinet remains one of the fore-bearers in Firewall technology and Cisco_Meraki has the corporate backup of Cisco.

We have a Meraki MX series Firewall and, to date, it has covered our needs comprehensively. It does tend to lend itself more towards full integration of Meraki devices throughout the network e.g Peer to Peer VPNs but hybrid networks still function well albeit a little more complicated to set up.

Either supplier will not let your client down as both are reliable vendors. I would advise your client to list the important elements of NGFW for their network and compare these. If these comparisons are balanced, and I suspect that support is equivalent from both vendors then it's down to cost.

author avatarVinesh Raniga

I was un exactly your shoes a few months back. We made the decision to go with FortiGate for a few reasons:

1. The price was a no brainer. Cisco NGFW is also (in my opinion) miles behind what some of the firewalls can do nowadays.

2. The throughput of the firewall: I chose to go with the 501-E model of the FortiGates. It has 2x 10G interfaces and a total throughput of about 30Gbps I think (don’t quote me on this).

3. Ease of configuration: The FortiGates are one of the easiest firewalls to configure. They do have their own bugs but if you find a stable release, you’d be very satisfied with these firewalls.

I would still prefer a Palo Alto over a Fortinet firewall but they will come at a huge price tag!

author avatarreviewer1171122 (Manager IP Network Security Planning at a comms service provider with 10,001+ employees)
Real User

The biggest difference is the ease of use and deployment.

Fortinet has a simple user interface and they seem to have a better UI/UX design than cisco.

While cisco is also a market leader and good with firewalling technologies the ease of use is not there. This is coming from someone that started learning with cisco products.

author avatarRichard Benfatto

I am not going to mention the price because, at the end of the day, the price of something cheap turns very expensive.

I had a Cisco ASA and got fed up. That Java interface, that extra module for IPS, it was a total headache.

Fortinet has spent serious money with ASIC (Application Specific Integrated Circuits) chips so the hardware can take care and leave the CPU at low revs. The interface is great and that Java disaster goes, but regardless of that the efficiency and real protection, well see NSLABS reports, nothing more to say.

Cisco invented the router, then purchased a switch company, then they pretended to know RF (Radio Frequency or wireless). Sorry, it's not on. Not even with the purchase or Ironport. Fortinet is the way to go. I am a Cisco Academy trainer and after this but the truth is one and only one.

By the way, the appliance I have also comes with 10 licenses for endpoint security clients (Forticlient). Not bad, but Symantec Endpoint Security is better, especially when it comes to layer 2.

Questions from the Community
Top Answer: They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home… more »
Top Answer: In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Top Answer: Hello there. That is a valid question many would have when they evaluate a product. However comparison of Wildfire and… more »
Top Answer: Firepower requires significant systems to suit adjacent to an ASA to support IPS and other aspects of the solution… more »
Top Answer: Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to… more »
Top Answer: From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
Top Answer: In my opinion and as a result of years of experience: - Both are great firewalls with excellent performance and a… more »
Top Answer: The difference is the poor performance that Fortigate has when it has all its services in use. Compare which customers… more »
Popular Comparisons
Compared 8% of the time.
Compared 5% of the time.
Compared 4% of the time.
Compared 4% of the time.
Compared 10% of the time.
Compared 9% of the time.
Compared 7% of the time.
Compared 6% of the time.
Compared 6% of the time.
Also Known As
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAvCisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWvFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Learn more about Cisco ASA Firewall
Learn more about Cisco Firepower NGFW Firewall
Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, WestfieldPittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
Financial Services Firm20%
Comms Service Provider13%
Manufacturing Company9%
Comms Service Provider27%
Computer Software Company26%
Media Company6%
Financial Services Firm36%
Comms Service Provider21%
Transportation Company14%
Manufacturing Company14%
Comms Service Provider34%
Computer Software Company26%
Media Company4%
Comms Service Provider16%
Financial Services Firm9%
Energy/Utilities Company9%
Real Estate/Law Firm7%
Comms Service Provider27%
Computer Software Company24%
Media Company6%
Company Size
Small Business35%
Midsize Enterprise24%
Large Enterprise41%
Small Business27%
Midsize Enterprise25%
Large Enterprise48%
Small Business45%
Midsize Enterprise26%
Large Enterprise29%
Small Business46%
Midsize Enterprise24%
Large Enterprise29%
Small Business43%
Midsize Enterprise23%
Large Enterprise34%
Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. Fortinet FortiGate and other solutions. Updated: September 2020.
442,517 professionals have used our research since 2012.
Cisco Firepower NGFW Firewall is ranked 5th in Firewalls with 20 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 44 reviews. Cisco Firepower NGFW Firewall is rated 8.4, while Fortinet FortiGate is rated 8.6. The top reviewer of Cisco Firepower NGFW Firewall writes "Enables analysis, diagnosis, and deployment of fixes quickly, but the system missed a SIP attack". On the other hand, the top reviewer of Fortinet FortiGate writes "Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network". Cisco Firepower NGFW Firewall is most compared with Palo Alto Networks WildFire, Meraki MX , Azure Firewall, Check Point Virtual Systems and Palo Alto Networks NG Firewalls, whereas Fortinet FortiGate is most compared with Meraki MX , pfSense, Sophos UTM, SonicWall TZ and Sophos XG. See our Cisco Firepower NGFW Firewall vs. Fortinet FortiGate report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.