Compare Cisco Firepower NGFW vs. FortiGate-VM

Cisco Firepower NGFW is ranked 8th in Firewalls with 21 reviews while FortiGate-VM is ranked 16th in Firewalls with 10 reviews. Cisco Firepower NGFW is rated 8.0, while FortiGate-VM is rated 8.6. The top reviewer of Cisco Firepower NGFW writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of FortiGate-VM writes "Can use the appliance as a WLAN controller for up to 10 access points". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas FortiGate-VM is most compared with pfSense, Fortinet FortiGate and Meraki MX Firewalls. See our Cisco Firepower NGFW vs. FortiGate-VM report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
70,004 views|52,209 comparisons
Cisco Firepower NGFW Logo
24,274 views|20,051 comparisons
FortiGate-VM Logo
4,555 views|3,344 comparisons
Most Helpful Review
Moraima Matilda
Find out what your peers are saying about Cisco Firepower NGFW vs. FortiGate-VM and other solutions. Updated: November 2019.
378,809 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.The firepower sensors have been great; they do a good job of dropping unwanted traffic.Unfortunately in Cisco, only the hardware was good.The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.The most valuable features are the flexibility and level of security that this solution provides.Integration with all the other Cisco tools is valuable.We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.

Read more »

The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sitesThe IPS, as well as the malware features, are the two things that we use the most and they're very valuable.The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.

Read more »

It handles our current load with ease, and I think it can handle a bit more. It definitely can handle a lot more capacity than we currently use.It is very useful to make lists for rules and prepare firewall rules.The customer care center of Fortinet is good. For all the requests that we have done, they work as fast as possible, so this is a good point for Fortinet.​There is an interesting possibility of building a tunnel to a firewall from access points. We use this feature for small branch offices with one to two employees with access to central RDP servers.One top feature is the ability to use the appliance as a WLAN controller for up to 10 access points with the new 5.6 firmware.A top feature is the really good web interface and the classic Fortinet features, such as IPS, IDS, AV scanner, and spam filter.​Initial setup was quite straightforward, as we can simply head to the required sections to apply the planned network.​We use it to ensure that our network is properly protected from viruses and malware.

Read more »

Cons
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.The software was very buggy, to the point it had to be removed.In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.With regards to stability, we had a critical bug come out during our evaluation... not good.The product would be improved if the GUI could be brought into the 21st Century.

Read more »

The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.I would like to see the inclusion of more advanced antivirus features in the next release of this solution.Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.One feature lacking is superior anti-virus protection, which must be added.

Read more »

The GUI could be improved.The price is sometimes very expensive.​In the first two releases of FortiOS 5.6, we had some trouble with the SSL VPN service. Sometimes it stopped working, and the IPS daemon too.Improvements are needed for the responsive UI and JIT traffic reporting.The management tools should be more user-friendly.We encountered scalability issues in IPSec Module. The tunnels freeze sometimes.There were challenges during setup, and many of them were self-inflicted.The user interface (UI) and the performance of interface both need improvement.

Read more »

Pricing and Cost Advice
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.Always consider what you might need to reduce your wasted time and invest it in other solutions.Watch out for hidden licensing and incredibly high annual maintenance costs.We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.Licensing is expensive compared to other solutions.Pricing is high, but it is essentially a corporate decision.

Read more »

Cisco's pricing is high, at times, for what they provide.Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...The price of this solution is not good or bad.We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.Based on the services that you will get, especially the AMP license, the price is very reasonable.

Read more »

The price: It is a bit higher than the other competitors. This is why I started to look at other brands.​The basic pricing in Austria is OK, but asking for special offers, e.g., NPOs, NGOs, trade up, and/or trade in, is always useful.​The price is expensive compared with other vendors, like Cisco and Huawei.The best part of Fortinet is the license is bundled together, so it is easy to use and apply.The pricing and licensing are not as expensive as its competitors.​It is on par with what you receive. It can be expensive upfront.It would be nice to have the ability to extend FortiGuard subscriptions at a reasonable yearly cost versus a bulk three year pricing.​It is an expensive solution if you are migrating from an open source solution.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
378,809 professionals have used our research since 2012.
Top Comparisons
Compared 39% of the time.
Compared 29% of the time.
Compared 14% of the time.
Compared 14% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASACisco Firepower Next-Generation Firewall, FirePOWERFortiGate Virtual Appliance
Learn
Cisco
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.

FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Offer
Learn more about Cisco ASA NGFW
Learn more about Cisco Firepower NGFW
Learn more about FortiGate-VM
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, WestfieldSecurity7 Networks, COOPENAE
Top Industries
REVIEWERS
Financial Services Firm17%
Comms Service Provider11%
Manufacturing Company11%
University8%
VISITORS READING REVIEWS
Software R&D Company28%
Comms Service Provider16%
Media Company8%
Retailer5%
REVIEWERS
Financial Services Firm42%
Comms Service Provider25%
Transportation Company17%
Manufacturing Company17%
VISITORS READING REVIEWS
Software R&D Company26%
Comms Service Provider19%
Financial Services Firm6%
Government6%
No Data Available
Company Size
REVIEWERS
Small Business36%
Midsize Enterprise25%
Large Enterprise39%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise20%
Large Enterprise45%
REVIEWERS
Small Business44%
Midsize Enterprise28%
Large Enterprise28%
No Data Available
Find out what your peers are saying about Cisco Firepower NGFW vs. FortiGate-VM and other solutions. Updated: November 2019.
378,809 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email