Compare Cisco Firepower NGFW vs. Palo Alto Networks WildFire

Cisco Firepower NGFW is ranked 6th in Firewalls with 22 reviews while Palo Alto Networks WildFire is ranked 1st in Advanced Threat Protection with 9 reviews. Cisco Firepower NGFW is rated 8.0, while Palo Alto Networks WildFire is rated 8.8. The top reviewer of Cisco Firepower NGFW writes "Enables analysis, diagnosis, and deployment of fixes quickly, but the system missed a SIP attack". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Good technical support and provides automatic analysis that saves us time in filtering email". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas Palo Alto Networks WildFire is most compared with Fortinet FortiGate, Cisco Firepower NGFW and Zscaler Internet Access.
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Fortinet, pfSense, Cisco and others in Firewalls. Updated: March 2020.
406,312 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Unfortunately in Cisco, only the hardware was good.For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.The firepower sensors have been great; they do a good job of dropping unwanted traffic.The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.The technical team is always available when we have problems.

Read more »

Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.We can easily track unauthorized users and see where traffic is going.The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sitesThe IPS, as well as the malware features, are the two things that we use the most and they're very valuable.The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.

Read more »

Using WildFire has reduced the number of viruses and the amount of malware that comes into our system, which means that I don't have to rely on the end-users to identify it.The way that the solution quickly updates to adjust to threats is the solution's most valuable aspect. When there's a security attack, within five minutes, all Wildfire subscribers have access to updates so that all systems will be safe. Its threat prevention is way better than other vendor products.The most valuable feature is the Automatic Verdict, to recognize whether something is a threat, or not.They have many different options with Palo Alto WildFire and the set-up is quick. If you have all the details in hand, it does not take more than 15 minutes to deploy a firewall.It helps us when segmenting and securing the network and all sort of technologies, all sort of next generation needs. It's next generation phases of firewall like anti-virus, sandboxing, wifi, and VPN.Being an application-based firewall, this is one of the critical focus factors along with the threat prevention services it provides.It is stable and pretty much scalable.The cloud-based services are a nice feature.

Read more »

In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.The software was very buggy, to the point it had to be removed.Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.The Sandbox and the Web Censoring in this solution need to be improved.It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.

Read more »

The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it.We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.

Read more »

It would be nice if there was an easier way to install and deploy it, such as through the inclusion of wizards.The size of Palo Alto's cloud is big but it could be easier to use from a product management perspective.I would like to see them continue on their developmental roadmap for the product.There are certain changes that I was expecting in the previous version, and I hope that they are soon fixed. All of the problems that I have faced so far have been resolved.Other vendors have some sort of bandwidth management built into the firewall itself and Palo Alto is missing that.As a firewall and 360 degrees of security, there needs to be more maturity.The initial setup was complex.I think it would be nice for Palo Alto to work without the connection to the cloud. It is 100% powerful when connected to the cloud. But, if you disconnect from the cloud, you only get 40-50% power.

Read more »

Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months.The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology.The program is very expensive.The cost of this solution is high.Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.

Read more »

We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high.Cisco's pricing is high, at times, for what they provide.Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...The price of this solution is not good or bad.The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.

Read more »

We pay between $3,000 and $4,000 CAD ($2,200 - $3,000 USD) per year to maintain this solution.The licensing fees are on an annual basis, and there are no costs in addition to the standard fees.It's pretty expensive but with respect to value for money, it's okay.It is a reasonable price compared to other solutions on the market.The pricing is OK, it is not too expensive.

Read more »

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
406,312 professionals have used our research since 2012.
Answers from the Community
Senthil Kumar Manian
author avatarPeter Reibstein

Palo Alto was the first company to tackle perimeter protection via applications instead of port blocking their install base is massive including the Fortune 50 Cisco is a household name but when it comes to App FW's Palo is the name and they have much more time within the market place to hone their product sets because they invented this architecture. Fortinet, Cisco CheckPoint, Sophos Barracuda , Cisco etc. they are followers not leaders. I like new technology and have been doing research for many years on great products and some real dogs. Years ago there used to be a saying no one ever got fired for buying IBM

Here are a couple of winners you should look at Critical Start, Secuerlink and Okta sorry got off topic typical Sales Guy... Ha Ha. If anyone wants to take a look at any of these new platforms please let me know - Thx

author avatarErich Bart

The biggest difference is that Cisco has many point solutions that are not fully orchestrated or can only forward certain data. Palo Alto Networks (No. 1 winner of Forrester Report Q04/18 for Eco Systems Provider) is different.

What is a Palo Alto ecosystem:
There are certainly more than enough top UEBA solutions for endpoint detection, response and network traffic analysis - EDR and NTA - but most force your analysts to manually merge information, slowing investigation and increasing complexity. The Palo Alto Networks ecosystem Cortex XDR™,
on the other hand, features a cloud-based detection and response app and blindly removes spots by merging network, endpoint and cloud data. The automatic exchange of security-relevant information between and within the integrated solutions is crucial, as is the automated resolution of incidents to relieve the SoC team.

author avatarNicholas S (scc)

You have Cisco Firepower integrated into the same web-based access GUI than all other Cisco products into one page. And Cisco is a well-known brand with excellent after-sales services worldwide.

About Palo Alto, it seems like a good product also but it does not connect to the same web-based access GUI for Cisco products. And maybe the after-sales services might not be worldwide or not as fast as Cisco.

author avatarGirish Vyas
Real User

Hello there. That is a valid question many would have when they evaluate a product. However comparison of Wildfire and Cisco NGFW would not be correct. It should be compared with what is known as Threatgrid from Cisco which does the same function of sand boxing as that of Palo Alto Wildfire. When you compare both they have their own intelligence unit, Cisco has Talos while Palo Alto has Unit 42 and both will give you a decent protection from zero day. However the product can be differentiated only on the support as both are big names and will deliver the best for their customer. However Cisco support for product is better. That’s where the difference is. Palo Alto being pure focused on security, does determine to application level while Cisco being a networking. Company has an integrated strategy. So overall both product are good. Just that level of support is something someone should definitely evaluate before getting their hands in it. Just my 2 cents.

author avatarYousif Alshami

I didn’t work with Cisco Firepower that much but the main difference is that Cisco Firepower is a combined source fire and firewall and they have different mechanisms than Palo Alto Wildfire. It has multiple virtual machines running the malware and gives you the results. If there is no signature it will generate one and upload it to the cloud.

author avatarMANEESH MS PILLAI
Real User

Network Speed is stable in Cisco and security is better in Cisco.

I strongly recommended you proceed with Cisco.

author avatarEmad Ul Haq
Real User

1. The underlying difference is the threat engine both feed from, both are equally good as none of them comes from a small company.
2. Cisco has an edge on a few things such as it has a bigger fleet to natively collect threats, such as switching, routing, wireless, firewalls and so on. Palo Alto, on the other hand, doesn’t have that, however, these days all major security providers integrate their threat feeds.
3. Some basic comparisons of the platforms are below.
* Firepower is an awesome NGFW addition to the Cisco fleet, however, it has gone through a lot of integrations with and without ASA which has resulted in inconsistency, both in terms of its management and capabilities.
* PaloAlto, on the other hand, is another awesome NGFW which provides you not only brilliant security but also ease of management, it has been like this for a while and the platform is consistent and mature.
* Firepower natively lacked routing capabilities out of the box, unsure what is the latest however PaloAlto comes with feature-rich routing capabilities such as BGP, Route-based VPN etc.
* I have found Panorama to be far more simplistic than ASDM. The firepower FMC provides a good intuitive dashboard but I still prefer Panorama for its single pane of glass.
* Logging in PaloAltos/Panorama is simple as compared to typical ASDM logs, FMC has decent logging.
* You may find Palos to be expensive, I am not updated with the new pricing model of both but that is how it was for some time.

author avatarPeter Reibstein

Compare Cisco Firepower NGFW vs. Palo Alto Networks WildFire

Cisco Firepower NGFW is ranked 9th in Firewalls with 19 reviews while Palo Alto Networks WildFire is ranked 1st in Advanced Threat Protection with 9 reviews. Cisco Firepower NGFW is rated 7.8, while Palo Alto Networks WildFire is rated 8.8. The top reviewer of Cisco Firepower NGFW writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Traffic is scanned in a single flow which improves the response times for the user". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas Palo Alto Networks WildFire is most compared with Fortinet FortiGate, Cisco Firepower NGFW and Cisco ASA NGFW.

Top Comparisons
Compared 38% of the time.
Compared 10% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire FirewallsCisco Firepower Next-Generation Firewall, FirePOWER
Palo Alto Networks

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.

WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.
Learn more about Cisco ASA NGFW
Learn more about Cisco Firepower NGFW
Learn more about Palo Alto Networks WildFire
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, WestfieldNovamedia, Nexon Asia Pacific, Lenovo, Samsonite, IOOF, Sinogrid, SanDisk Corporation
Top Industries
Financial Services Firm19%
Manufacturing Company10%
Comms Service Provider9%
Software R&D Company6%
Software R&D Company28%
Comms Service Provider19%
Media Company7%
Construction Company5%
Financial Services Firm42%
Transportation Company17%
Manufacturing Company17%
Comms Service Provider17%
Software R&D Company26%
Comms Service Provider24%
Media Company5%
Financial Services Firm10%
Energy/Utilities Company10%
Venture Capital & Private Equity Firm10%
Software R&D Company31%
Comms Service Provider16%
Media Company6%
Company Size
Small Business35%
Midsize Enterprise25%
Large Enterprise40%
Small Business39%
Midsize Enterprise20%
Large Enterprise41%
Small Business38%
Midsize Enterprise27%
Large Enterprise35%
Small Business46%
Midsize Enterprise13%
Large Enterprise42%
Small Business17%
Midsize Enterprise19%
Large Enterprise63%
Find out what your peers are saying about Fortinet, pfSense, Cisco and others in Firewalls. Updated: March 2020.
406,312 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.