Compare Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series

Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series and other solutions. Updated: July 2021.
521,817 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.""The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.""Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.""The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.""The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.""The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites""We can easily track unauthorized users and see where traffic is going.""With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful."

More Cisco Firepower NGFW Firewall Pros »

"This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server.""The most valuable features are the IPS/IDS subscriptions.""Provision of quality training material and the reporting is very good.""The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.""The interface and dashboards are good.""The most valuable feature is the security provided by the ATP.""I like that it has high security.""Innovative, advanced threat protection is the most valuable feature."

More Palo Alto Networks NG Firewalls Pros »

"The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions.""The most valuable features are security and support.""The interface with Panorama makes it very easy to use.""The most valuable features are web control and IPS/IDS.""In Palo Alto the most important feature is the App-ID.""The most valuable feature is the Posture Assessment.""The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks.""The Palo Alto VM-Series is nice because I can move the firewalls easily."

More Palo Alto Networks VM-Series Pros »

Cons
"Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.""I would like to see the inclusion of more advanced antivirus features in the next release of this solution.""In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.""The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.""For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.""The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes.""We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.""We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it."

More Cisco Firepower NGFW Firewall Cons »

"I wish that the Palos had better system logging for the hardware itself.""In the future, I would like to see more OTP features.""Need improvement with their logs, especially the command line interface.""We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved.""The pricing could be improved upon.""I would like the option to be able to block the traffic from a specific country in a few clicks.""The whole performance takes a long time. It takes a long time to configure.""The user interface is probably not as slick as it could be."

More Palo Alto Networks NG Firewalls Cons »

"In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has.""There should be an option for direct integration with the Azure platform.""The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.""I would like to have automatic daily reporting, such as how many users have connected via SSL VPN.""The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.""In the next release, I would like to see better integration between the endpoints and the firewalls.""The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway.""The product needs improvement in their Secure Access Service Edge."

More Palo Alto Networks VM-Series Cons »

Pricing and Cost Advice
"The price of this solution is not good or bad.""The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...""Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.""Cisco's pricing is high, at times, for what they provide.""The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high.""We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.""Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""There are additional implementation and validation costs."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"The price of this product should be reduced.""The pricing is competitive in the market.""This is an expensive product, which is why some of our customers don't adopt it.""The product is expensive compared to competing products but uses a similar type of pricing model based on hardware, software and maintenance.""It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription.""It is a little bit expensive.""The NG firewall is an expensive solution.""This is an expensive product and there is a subscription cost."

More Palo Alto Networks NG Firewalls Pricing and Cost Advice »

"The price of this solution is very high for some parts of Africa, which makes it a challenge.""Palo Alto can be as much as two times the price of competing products that have twice the capabilities.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used.""Because I work for a university and the URL is for the institution, it's a free license for us.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years.""The VM series is licensed annually."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
521,817 professionals have used our research since 2012.
Answers from the Community
Donny Lee
author avatarDirectser677 (Technology Services Director at a tech services company with 11-50 employees)
Reseller

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.


PA is good at app control, web filtering and such like, they have always been top of the pile there.  The GUI is very good, and their product is very user-focused.


Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI)  and have better OT features, maybe relevant to your manufacturing use?


Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.

author avatarLucas Damien
User

Hi


PaloAlto is better when working on app control feature and special virtual wire links.


Execpt that specific point, Fortinet is above.


Best Regards,


Damien

author avatarABHILASH TH
Reseller

Hi,


Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)


Fortinet: 


Have higher throughput; which comes with competitive rates


Wide range of models to select to meet your requirement, without spending heavliy


Outstanding customer support and very active customer care team


Easly available skilled resources from the channel for deployment and post-implementation support 


Regards


Abhilash



author avatarAlexander Denisenko
User

Hello. The question is what you are going to have as a result of application

Questions from the Community
Top Answer: Ease of Use - GUI familiarities  and adoption level can differ from user to user. - Personally I found CISCO  ASA… more »
Top Answer: Cisco Firepower Family and it is a NGFW since ASA is just a FW.
Top Answer: There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is… more »
Top Answer: We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is… more »
Top Answer: The initial setup was straightforward.
Top Answer: The VM series is licensed annually. The option exists to procure a basic license. With this, the firewall feature comes… more »
Top Answer: When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as… more »
Popular Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Palo Alto Networks NG Firewalls
Learn more about Palo Alto Networks VM-Series
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Warren Rogers Associates
Top Industries
REVIEWERS
Comms Service Provider21%
Financial Services Firm18%
Manufacturing Company9%
Non Profit9%
VISITORS READING REVIEWS
Comms Service Provider35%
Computer Software Company20%
Government6%
Manufacturing Company4%
REVIEWERS
Comms Service Provider24%
Computer Software Company18%
Financial Services Firm13%
Healthcare Company8%
VISITORS READING REVIEWS
Comms Service Provider26%
Computer Software Company23%
Government6%
Energy/Utilities Company5%
REVIEWERS
Financial Services Firm23%
Manufacturing Company15%
Government15%
Energy/Utilities Company8%
VISITORS READING REVIEWS
Computer Software Company30%
Comms Service Provider18%
Energy/Utilities Company5%
Government5%
Company Size
REVIEWERS
Small Business40%
Midsize Enterprise28%
Large Enterprise32%
VISITORS READING REVIEWS
Small Business13%
Midsize Enterprise13%
Large Enterprise74%
REVIEWERS
Small Business42%
Midsize Enterprise30%
Large Enterprise28%
VISITORS READING REVIEWS
Small Business30%
Midsize Enterprise18%
Large Enterprise53%
REVIEWERS
Small Business35%
Midsize Enterprise32%
Large Enterprise32%
Find out what your peers are saying about Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series and other solutions. Updated: July 2021.
521,817 professionals have used our research since 2012.

Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 60 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Palo Alto Networks NG Firewalls is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, pfSense and OPNsense, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and Check Point NGFW. See our Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.