We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very fast and easy to configure."
"Fortinet FortiGate's reliability is valuable."
"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
"The most valuable feature of Fortinet FortiGate is URL filtering."
"Offers good security and filtering."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The solution is very user-friendly."
"The reporting and monitoring are very good."
"It's protecting the organization against the impact of cyber threats and cybersecurity. We run manufacturing plants that have hazardous material, and we don't want that manufacturing process to be impacted by break-in exposure, cyber threats, or any other similar thing."
"The implementation is pretty straightforward."
"I like them mostly because they don't break and they have great diagnostics."
"With the pandemic, people began working from home. That was a pretty big move, having all our users working from a home. More capacity needed to be added to our remote VPN. ASA did this very well."
"The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos."
"If only a Layer 4 FW is needed, this is a good solution."
"For our very specific use case, for remote access for VPN, ASAs are very good."
"The Firepower IPS, based on Snort technology, has an amazing detection engine and historical analysis capability of files that eases threat investigations a lot."
"We can monitor the traffic manually and detect threats. Additionally, we can block different IP addresses and URLs."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked."
"It has a good performance which helps you with the stability of your virtual environment."
"What I like about the VM-Series is that you can launch them in a very short time."
"Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic."
"It is very stable. It is fairly easy to use."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"There is a lot of improvement needed with SSL-VPN."
"We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine."
"Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"Technical support could be better. You don't always get the level of help you need right away."
"The support is the main thing that needs to be improved."
"It's lacking one feature: VPN. Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good."
"Cisco is not cheap, however, it is worth investing in these technologies."
"I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
"There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products."
"The maturity needs to be better."
"The reporting and other features are nice, but there is an issue with applying the configuration. That part needs some improvement."
"There may have been one or two incidences of malicious threats."
"With regards to stability, we had a critical bug come out during our evaluation... not good."
"The interface is all Java-based. I would prefer an HTML5 interface."
"It can definitely improve on the performance."
"The web interface is very slow, and it needs to be faster."
"It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait."
"From time to time, they have released some content updates that have some issues, maybe twice a year."
"There could be dynamic DNS features similar to Fortinet in the product."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"AWS doesn't integrate well with third-party firewalls."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).