We performed a comparison between Cisco Secure Firewall and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."
"It is easy to use. We chose this product for the possibility to have virtual domains (VDOMs). We are building another company in the group, and we would like to split the firewalling rules and policies between these two companies. Each company would be able to manage its own policies and security rules, which is an advantage of Fortinet FortiGate. We can define VDOMs, and every company can manage its own VDOM as if it has its own physical firewall, but in fact, we would be using the same physical appliance because we are also using the same internet lines. So, it allows us to reuse the existing resources without the disadvantage of having to compromise on policies and security. Each company can choose its own way of working."
"The most valuable feature is the SSL VPN, as it allows us to connect and it separates this product from other firewalls."
"It is simple to manage, and there are a lot of functionalities in the same box."
"Allows for firewall rules to be programmed and named in a way that makes it “readable”"
"Fortinet FortiGate is easy to use. Anyone can easily maintain it."
"Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible."
"This is an easy solution to deploy."
"Because of the deeper inspection it provides we have better security and sections that allow users broader access."
"Previously, our customers had to always utilize hand-to-hand delivery. Now, they are able to move completely to a secure digital method. They use a strictly dark fiber optics connection from a central location to the endpoint."
"The solution's dashboard is fine, and in terms of support, Cisco is better than other OEMs in the market."
"Application inspection, network segmentation, and encrypted traffic detection or encrypted traffic analysis (ETA) are valuable for our customers."
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"It is pretty stable. I haven't seen many issues during the past four years."
"The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network."
"It scales linearly with load and no issues."
"The most valuable features are security and support."
"The solution strengthens our IT posture."
"Palo Alto Networks VM-Series is easy to maintain...From a security point of view, I find Palo Alto Networks VM-Series to be a better product compared to the other solutions in the market."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The most valuable feature of the solution is the zero-trust security architecture."
"Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. "
"The most valuable feature is the CLI."
"It claims it does DLP, but the degree and level of controls are very basic."
"The graphical user interface of Fortinet's FortiGate product does not function well with text-based interfaces."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"Fortinet FortiGate could improve by having more storage in the hardware for log data."
"The setup is pretty complex and not easy to implement."
"Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing."
"One area for improvement is the performance on bandwidth demands for smaller devices, as well as better web filtering."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"I would like to see an IE version of the solution where it is ruggedized."
"The process of procuring modern-day technology within the DOD needs to improve."
"The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper."
"In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all."
"The utilization monitoring and GUI have room for improvement."
"The product could be better in terms of performance than one of its competitors."
"The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries."
"The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security."
"The reporting part of the product is an area of concern where improvements are required."
"People are less aware of Palo Alto."
"It'll help if Palo Alto Networks provided better documentation."
"The web interface is very slow, and it needs to be faster."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 53 reviews. Cisco Secure Firewall is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Palo Alto Networks NG Firewalls, Juniper SRX Series Firewall and Huawei NGFW. See our Cisco Secure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I can't say for Palo Alto as I haven't tried them myself, but I'd advise against FTDs and Firepower Management Center.
* Firepower systems take about 4 minutes on average to make config changes (it's referred to as "Deployment", can take 1-6 minutes depending type of change you're making). which makes troubleshooting a nightmare.
* it is overall very buggy, we had to open at least 2-3 tickets per year with Cisco to fix issues with our system that has only 2 firewalls working in HA. some that required upgrading software. some cases required involvement from R&D to diagnose and fix, and took more than a week. I don't want to imagine the administration overhead of having several bugs in several different sites (I'd think "10K+ employees" operate in more than one site) and having to troubleshoot each with the Cisco TAC (Cisco TAC is good compared to other vendors, but it's not their fault the software is buggy).
* I'm not sure this is the case for FTDv, but I don't think that would be different.
I suggest you implement test sites using both solutions through a POC if possible before migrating such a large environment.
Neither.
I'd pick Fortinet's products for a variety of reasons, but the #1 reason being they are easier to use and maintain. And they are better for TSCM work which is something we specialize in (Technical Surveillance Countermeasures - and within networks).