We performed a comparison between Cisco Secure Firewall vs. pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Firewall and pfSense come out about equal in this comparison. Cisco ASA Firewall has a slight edge when it comes to service and support, but pfSense has an edge when it comes to pricing.
"I think that the UTM features are the most value, as it truly protects my infrastructure."
"The most valuable features are the possibility of having one fabric for switching on security."
"It has improved our security capabilities."
"The most important features with FortiGate are the web filter and application controls. We can control our internet usage and use the web filter for application purposes."
"The most valuable features are SD-WAN, application control, IPS control, and FortiSandbox."
"Fortinet FortiGate's ease of management is the most valuable feature."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"Layer-3 firewall and routing are the most valuable features."
"Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often."
"Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security."
"Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers."
"Valuable features include DMZ segmentation, and IDS and IPS."
"The initial setup was completely straightforward."
"Collaboration with other Cisco products such as ISE and others is the most valuable feature."
"IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Sophos Intercept X is scalable. Currently, we have almost 30 people using it in our company."
"Its reliability and cost-effectiveness stand out."
"At our peak time, we have reached more than 5,000 concurrent connections."
"My technicians find the pfSense's web interface very useful. It is very easy to use. pfSense is very reliable and stable. We like the OpenVPN clients that can be deployed using pfSense very much."
"I have found the firewall portion for the blocking most valuable."
"It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"We can run it on any hardware."
"There are some cloud-based features that could be much more flexible than they currently are."
"They need to improve their technical support."
"The debugging and troubleshooting has room for improvement."
"They need faster serviceability and more security features."
"It could use better throughput on some of the smaller boxes for the branch offices."
"There is a lot of improvement needed with SSL-VPN."
"The reporting in Fortinet FortiGate could improve. Customers are having to purchase additional reporting components. When I have used the Sophos solution it is a complete solution, in Fortinet FortiGate you have to use additional tools to have the features needed."
"We would like to have the ability to disable some of the security functionalities."
"The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc."
"The ASA has become a bit old and needs updating."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"More intuitive support for SIP services are needed. This took a long time to configure properly for the user."
"Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it."
"One area that could be improved is its logging functionality. Your logs are usually displayed on the screen, but if you want to go back one or two days, then you need another solution in place because those logs are overwritten within minutes."
"There may have been one or two incidences of malicious threats."
"Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."
"I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
"I would like to see different graphs available in the reporting."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"Needs services on additional features, such as managing inventory and generating reports."
"The integration could be improved."
"Lacks instructional videos."
"The VPN feature of the solution could improve by adding better functionality and providing easier configure ability."
"My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Cisco Secure Firewall is rated 8.2, while Netgate pfSense is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Meraki MX, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and WatchGuard Firebox. See our Cisco Secure Firewall vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.