We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros | ||
"The greatest benefit for the organization is the confidence that we are secured." "Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good." "I haven't had any major problems so I haven't had to open a ticket with technical support." "The IPS (In-plane switching) is the most valuable feature." "I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward." "We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area." "The initial setup was completely straightforward." "I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference." | "Stability is perfect. I haven't had any problems." "We chose Cisco because it had the full package that we were looking for." "Because of the deeper inspection it provides we have better security and sections that allow users broader access." "An eight because it's a good security solution. It's more mature than its competitors." "Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching." "I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment." "The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly." "Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering." | "The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions." "The most valuable features are security and support." "The interface with Panorama makes it very easy to use." "The most valuable features are web control and IPS/IDS." "In Palo Alto the most important feature is the App-ID." "The most valuable feature is the Posture Assessment." "The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks." "The Palo Alto VM-Series is nice because I can move the firewalls easily." |
Cons | ||
"There may have been one or two incidences of malicious threats." "Some of the features, like the stability, need to be improved." "In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down." "At times the product is sluggish and slow" "If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own." "Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems." "We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly." "The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used." | "I would like for them to develop better integration with other security platforms." "The stability and the product features have to really be worked on." "Cisco should redo their website so it's actually usable in a faster way." "The security features in the URL category need more improvement." "One feature lacking is superior anti-virus protection, which must be added." "Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC." "I would like to see the inclusion of more advanced antivirus features in the next release of this solution." "In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth." | "In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has." "There should be an option for direct integration with the Azure platform." "The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI." "I would like to have automatic daily reporting, such as how many users have connected via SSL VPN." "The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries." "In the next release, I would like to see better integration between the endpoints and the firewalls." "The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway." "The product needs improvement in their Secure Access Service Edge." |
Pricing and Cost Advice | ||
"Licensing is expensive compared to other solutions." "The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market." "We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement." "Watch out for hidden licensing and incredibly high annual maintenance costs." "I bought a license for three years and it was really affordable." "With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect." "This solution might be expensive, but it is economical in the long run." "Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment." | "It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive." "The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription." "The price of this solution is not good or bad." "The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors..." "Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year." "Cisco's pricing is high, at times, for what they provide." "The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high." "We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though." More Cisco Firepower NGFW Firewall Pricing and Cost Advice » | "The price of this solution is very high for some parts of Africa, which makes it a challenge." "Palo Alto can be as much as two times the price of competing products that have twice the capabilities." "The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used." "Because I work for a university and the URL is for the institution, it's a free license for us." "It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years." |
Use our free recommendation engine to learn which Firewalls solutions are best for your needs. 456,966 professionals have used our research since 2012. | ||||
Answers from the Community | ||||
See all 4 answers » | ||||
Questions from the Community | ||||
Top Answer:
When you compare these
firewalls you can identify them with different features, advantages,
practices and… more » Top Answer: Cisco FW for peace of mind Top Answer: They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home… more » | Top Answer: Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to… more » Top Answer: The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect… more » Top Answer: Our primary use case for this solution is to improve network security. The maturity of our company's security… more » | Top Answer: I have been working with Palo Alto for more than 5 years now and I think I have worked with almost every other firewall… more » Top Answer: The most valuable features are web control and IPS/IDS.
Top Answer: The price of this solution is very high for some parts of Africa, which makes it a challenge. If it were lowered then it… more » | ||
Popular Comparisons | ||||
![]() Compared 34% of the time. ![]() Compared 7% of the time. ![]() Compared 5% of the time. ![]() Compared 5% of the time. | ![]() Compared 24% of the time. ![]() Compared 14% of the time. ![]() Compared 8% of the time. ![]() Compared 5% of the time. ![]() Compared 4% of the time. | ![]() Compared 40% of the time. ![]() Compared 12% of the time. ![]() Compared 7% of the time. ![]() Compared 5% of the time. ![]() Compared 1% of the time. | ||
Also Known As | ||||
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv | Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv | |||
Learn | ||||
Cisco | Cisco | Palo Alto Networks | ||
Overview | ||||
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more. Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic. Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency. Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud. | Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from | The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM. The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports. In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies. | ||
Offer | ||||
Learn more about Cisco ASA Firewall | Learn more about Cisco Firepower NGFW Firewall | Learn more about Palo Alto Networks VM-Series | ||
Sample Customers | ||||
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow. | Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield | Warren Rogers Associates | ||
Top Industries | ||||
Financial Services Firm17% Comms Service Provider14% Manufacturing Company10% Computer Software Company7% Comms Service Provider34% Computer Software Company22% Media Company5% Government4% | Financial Services Firm27% Comms Service Provider27% Non Profit14% Transportation Company9% Comms Service Provider39% Computer Software Company22% Government5% Media Company4% | Financial Services Firm23% Manufacturing Company15% Healthcare Company8% Retailer8% Computer Software Company31% Comms Service Provider17% Insurance Company4% Educational Organization4% | ||
Company Size | ||||
Small Business35% Midsize Enterprise26% Large Enterprise39% Small Business28% Midsize Enterprise21% Large Enterprise51% | Small Business44% Midsize Enterprise23% Large Enterprise33% Small Business11% Midsize Enterprise10% Large Enterprise80% | Small Business37% Midsize Enterprise30% Large Enterprise33% |
Cisco Firepower NGFW Firewall is ranked 4th in Firewalls with 30 reviews while Palo Alto Networks VM-Series is ranked 9th in Firewalls with 15 reviews. Cisco Firepower NGFW Firewall is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Firepower NGFW Firewall writes "Enables analysis, diagnosis, and deployment of fixes quickly, but the system missed a SIP attack". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Azure Firewall and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Fortinet FortiGate-VM, Juniper SRX and Kerio Control. See our Cisco Firepower NGFW Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto's Vulnerability Protection (IPS) has a good rating from NSS Labs and allows the use of Suricata and Snort signatures. The PAN-OS 10 release includes local machine learning that protects against zero-day attacks.
Pricewise Cisco. But PA has better rating.
Palo Alto is better.
In my Oppinion, Palo Alto is better than Cisco. You can refer in NSS Lab 2018 & 2019 DCSG-SVM, NSS-labs-NGIPS-Comparative-Report, and some report from Forester about Zero Trust Architecture, and Gartner SASE report to discus more advantages of Palo Alto in the future