We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very fast and easy to configure."
"Customers are more inclined towards FortiGate because of application control, web filtering, and anti-spam features. The support from the FortiGate team is good, and price-wise, it is affordable."
"The CLI is robust and powerful, enabling rapid, consistent changes via SSH."
"Consolidated our network environment at all locations, but mainly at our datacenter."
"The most important feature, normally for small business customers, is link load balancing."
"Its performance in fulfilling our requirements has been satisfactory."
"We've found the solution to be pretty stable."
"The technical support in our region is excellent."
"It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world."
"The most important feature is its categorization because on the site and social media you are unified in the way they are there."
"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
"The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."
"ASA 5505 and ASA 5506 are very powerful tools to use in a business environment, and provide a lot of security."
"All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It has been a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms."
"Stability is perfect. I haven't had any problems."
"We definitely feel more secure. We have more control over things going in and out of our network."
"The VM-Series scalability is fast and easy to implement, improving our security posture as our Azure network grows."
"In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications."
"The most valuable features are web control and IPS/IDS."
"The Palo Alto VM-Series is nice because I can move the firewalls easily."
"It offers a single pane of glass for all the different types of installations."
"What I like about the VM-Series is that you can launch them in a very short time."
"In Palo Alto the most important feature is the App-ID."
"AWS has improved our agility to apply firewall rules. It has reduced the amount of time that it takes to apply firewall rules because everything is based in the cloud."
"The pricing could always be better."
"While FortiGate is cheaper than most other solutions, we're seeing increased license renewal costs. Most of our clients are asking for more significant discounts because the price is going up."
"They should improve high CPU and memory usage that occurs."
"The pricing could be a bit better, especially when you consider how they have the most basic offering priced."
"The UI could be improved."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"A lack of integration between our data centers."
"In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."
"The solution's deployment is time-consuming, which should be minimized and made more user-friendly for us."
"Its implementation was not straightforward. It was mainly because we were running two projects together."
"The interface for monitoring could be improved to allow better views to make troubleshooting easier."
"Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it."
"The IPS module is combined with the main operating system."
"The Cisco ASA device needs overall improvement, as configurations alone do not completely secure my network."
"Even on a smaller scale, people are finding you need HA pairs, and there's no way that the ASA can do that, at least in the virtual version."
"I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels."
"It is not very easy to scale up the solution."
"The DLP functionality or data classification can be improved in the solution's basic firewalling."
"In the next release, I would like to see better integration between the endpoints and the firewalls."
"There are various reports that come with the box or with the VMware, but you can only run them daily."
"All areas need improvement: manufacturing, education, financial, etc."
"We have run into some issues with scaling and limitations associated with some of the configurations."
"The only minor issue we've faced is with the app's ID configuration, which requires specific matching for application filtering."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).