We just raised a $30M Series A: Read our story

Cisco IOS Security Competitors and Alternatives

Get our free report covering Zyxel, Fortinet, Cisco, and other competitors of Cisco IOS Security. Updated: November 2021.
552,136 professionals have used our research since 2012.

Read reviews of Cisco IOS Security competitors and alternatives

BT
Virtual CIO/ CISO at Kyber Security
Real User
Easy to implement, fairly stable, and supports SSL-DPI

Pros and Cons

    • "From a support perspective, if we're talking tech support I think Silver Partners, Gold Partners, Platinum, whatever level, should have a different number to call. End users can call tech support over at SonicWall if they've paid for support as part of their AGSS or whatever services they bought. The end-user can call, or we can call, however, I don't want to be calling the same line that an end user's calling. I don't want the same response time. I need a different level of expertise."

    What is most valuable?

    Once we moved the units up to the Gen 6 platform, they could support SSL-DPI. We are huge fans of the DPI. That piece is incredibly easy to implement. I'd say probably the most powerful thing about the solution is that coupled with the captured functionality. 

    What needs improvement?

    We've turned the SSL inspection on, and it is a nightmare. It doesn't mean it doesn't work, but it will turn your world upside down for weeks until you tune it and get it right. That's an across the board problem. It's not just TZ. That's TZ's, NSA's, etc. Wherever you're using their implementation of SSL, where you've got to implement a certificate on every machine. Once you even get past that it's still going to be particular and finicky. Banking sites are driven crazy by it every time we turn it on.

    It is trying to lock down outbound traffic so tightly that you get to sites that are already very security conscious. It's just a battle to get the traffic through. Intentional traffic, the traffic you want to get through, seems to be a problem. It will stop almost everything. Too much in fact. I understand the concept. It's just a little threatening. We just had a client sign off on a 6650. Then we send them a scope of work for implementing it. We specifically put a note in there in enormous bold type: "Note does not include SSL-DPI implementation". That is additional. The client responded that  "That's the one piece I wanted you guys to do. I'm scared of it."

    He said, "We're scared of it," and I told him, "We're scared of it too." I said, "I don't know how long it's going to take. And it's going to turn your universe upside down for a week to 10 days to maybe two weeks." He said that he heard that this would be the case. 

    My fear is that the client thinks that we'll say it will take four hours and then, when it turns into 40, try to make us give them the submission for free. 

    Even tiny environments, for example, 10 user environments, once you turn it on, you will spend days tuning it. The last one we did took us 22 hours to get it perfect. We learned our lesson. We slotted in four to eight hours to do it and it took us 16 to 20.

    From a support perspective, if we're talking tech support I think Silver Partners, Gold Partners, Platinum, whatever level, should have a different number to call. End users can call tech support over at SonicWall if they've paid for support as part of their AGSS or whatever services they bought. The end-user can call, or we can call, however, I don't want to be calling the same line that an end user's calling. I don't want the same response time. I need a different level of expertise.

    For how long have I used the solution?

    We've been a SonicWall dealer for 21 years approximately. We've been handling the solution since 1999. I personally didn't start using the solution until 2004.

    What do I think about the stability of the solution?

    Once you get past all the configuration issues, If you are on a rock-solid GA (Generally Available firmware), I don't know if I want to say it's bulletproof, however, the stability is really, really good. I don't sit and worry, thinking, "Oh, God. We know another one's going to fail today." We never think that way about that type of stuff. It's the odd time where we might get hardware failures or random reboots. We've had a couple of SMA units go sideways. Even SonicWall couldn't solve the problem. However, that said, it's rare.

    What do I think about the scalability of the solution?

    There's a couple of different ways to answer the question of scalability. They've built the TZ line wide enough so that we've got enough of a selection to be able to fit most bandwidth and user count situations. It's never going to fit everybody and it's not meant to. It shouldn't. It is a little challenging to try to get one of the boxes to do full wire speed. I'm not so sure inside that box, at the price point, you're going to solve that problem.

    That's why we sold the 6650. One client has got a one gig fiber line and they're in a school. On an NSA 3600, he can't get over 400 on it. I told him he never would. Some days I'd be surprised to get 400, depending on the user count. The TZ lineup is pretty good, however, I'm not so sure I'd use the word scalable. 

    If what we mean by scalable is, "oh, well, I buy a 300 and I buy it for 10 users, but I can scale up to 30 users with that box," the answer to that is no you can't. If you ask "could I scale up to 25 users and move to 200 or 300 or 400 meg?" You can't. We've got somebody in that situation right now and we're quoting a box replacement because it just can't scale that way.

    You can't necessarily scale on the appliance. You've got to get the right size. That's the easiest way to scale. If it's the right-sized appliance for the environment with some headroom then I think most situations users are going to be fine. There's going to be some issues where somebody cheaps out. For example, we worked with a law firm. They bought a TZ 300 because they didn't want to spend the money for the 500. Now they're going to have to spend the money for the 500 anyway because they need to scale up. 

    How are customer service and technical support?

    I don't think they really separate support from line to line. Maybe if you get all the way up into supermassive issues they do. Between NSA and TZ, it's the same level of service that you get on the other end of the phone. To be quite honest, level one support is not sparkling. Level two is usually really good. Level three is usually a combination. You get to level three, and you're almost talking to development or a combination of a crew that's dealing with development and senior technical expertise. Those guys rarely fail us.

    That's a typical support story. The level one guys will read the scripts and don't necessarily fix anything. We've already run through level one through three on our end with my staff. If they can't fix it, talking to a level one script reader is definitely not going to get it fixed. You should be able to bypass those guys if you're a reseller and a long-standing Silver Partner, like we are.

    Which solution did I use previously and why did I switch?

    We've also used Cisco previously. A while back, we used to have Cisco as our primary choice, with SonicWall being our second. That changed when I came to the company in 2004, where SonicWall became our solution of choice. We've got 400 or 500 firewalls out there and we don't plan on changing over to anything else.

    What other advice do I have?

    We're a Silver Partner.

    I'm not an engineer. I was a field engineer for nine years a long, long time ago. However, I'm not typically the one that gets my fingers into stuff, and it would be my engineering and senior engineering staff that do that. That said, I can say that I don't think any of our guys have touched the virtual platform yet.

    We use TZ and traditional NSA tech every day. That's our bread and butter.

    The current version we're using right now is the 600 series, although we do still have some 350 series. 90% of what we use are Gen 6. They're either TZ 300, 400, 500, 600 or NSA 2600, 3600, 4600. 

    We've got a smattering of 2650s that we've rolled out, which have been really, really good. Those are powerful units.

    I'd rate the solution eight out of ten. It doesn't warrant more than that. There's plenty of products I'd give a five to out there, however, for the quality of the product offering, I think an eight is a fair mark.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Maaz Khan
    Network Security & Virtualization at a financial services firm with 1,001-5,000 employees
    Real User
    Top 20
    IPS system is the strongest you can get and it has good decryption

    Pros and Cons

    • "The IPS system is the best in the field."
    • "Higher levels of support are excellent but new users may need additional options."

    What is our primary use case?

    The primary use for this solution depends on the preference of a customer and to some extent their existing environment.  

    We have to establish things like:  

    • what are the business requirements  
    • how we can utilize what is existing or if the client needs to upgrade equipment  
    • what kind of servers do we put in  
    • what kind of servers does he have on cloud  
    • what kind of servers do we have on-premises  

    So it all depends on the customer's requirements. If a query comes up with a client, I am happy to answer that and provide a resolution but the situation needs to consider specific needs.  

    What is most valuable?

    The thing I like the most about Palo Alto is that the IPS system is the strongest you can get. Even if you check with resources like the NSS Labs or Gardner — anywhere else — they all say it has the strongest IPS. It holds true even over the past five years. They are the leaders in the field.  

    The reason I believe in my eyes that the IPS is the most valuable feature in Palo Alto is that the IPS is basically protecting everything. I think every two or three hours the database for the IPS signatures gets updated.  

    One more feature of Palo Alto, which is not in Fortinet if you compare, is decryption. Palo Alto firewalls are doing SSL inspection and they are doing decryption as well. If we need SSL inbound inspection it is available in Palo Alto but Fortinet does not have this feature. They are not doing SSL inbound inspection. It is one more thing I would like to include as a positive feature of Palo Alto in my opinion.  

    What needs improvement?

    There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.  

    For how long have I used the solution?

    The company I work for now is a business I more recently joined. It has been about two years with the company but I have been dealing with Palo Alto products for 10 years now.  

    What do I think about the stability of the solution?

    We are talking about a firewall and we are not talking about a simple machine. We are talking about a machine that is not something you can just make simple. We are not talking about a general machine, so it does not really have general features. It does have multiple features. It does have processing engines — the parallel processing of Palo Alto — which is great. The stability will depend on the configuration and use. You really only have two options. You can either go for Palo Alto, or with Fortinet. These are the leaders of network security right now, so I guess those are stable or they would not be popular.  

    What do I think about the scalability of the solution?

    Palo Alto has got a lot of customers now — even in the middle East. Almost every version has been scalable. That is the main reason that people are buying the product. I am satisfied with the scalability.  

    How are customer service and technical support?

    The quality of technical support usually depends on your support level. If your support level is 24/7 365 then obviously your support is going to be perfect. But if you did not purchase that support, you will have some other level of support which is not 365 days. For example, they have an option for eight-by-seven which is eight hours per day seven days a week or something like that. The eight-by-seven support is not good in that case if you need it often or at times when it is not available.  

    I have worked for Palo Alto as well as consulting about their products and they are really good at what they are doing, but there are pros and cons for every product. This applies especially to the goals when it comes to support. Most of the customers are not educated enough to do hands-on technical stuff on a product that is new for them every time even if they have experience with similar products. They need support because the basic concepts are essentially the same for firewalls everywhere, but the operating system and the way it does the processing is different for every type of firewall. So new users of Palo Alto may require support to set up most of the things, and if a user does not have the level of support he needs, he will be facing issues. He will not be able to finish his work on time.  

    I really feel that all products have some level of technical support issues. Every product has pros and cons and even in the support level. A lot of times we will not find support in our same region. It would be located in different regions. So it happens to be pretty much normal for IT. People probably do not feel that is a good issue to face, but issues in the support are actually fine. That is manageable.  

    Which solution did I use previously and why did I switch?

    I do have experience using next-generation firewalls, traditional firewalls, NDN (Named Data Networking) firewalls, distributed firewalls, and NSX. We still use various products but I prefer to use Palo Alto because of its capabilities.  

    What's my experience with pricing, setup cost, and licensing?

    I am actually satisfied with the pricing of Palo Alto even though it is expensive. If you are talking about using products by a leader in the field and it is a bit expensive compared to other vendors, then that is totally fine for me because you are not compromising your security. In many other cases — like if there are budget issues — the companies can always go for Fortinet. It is also a good firewall, but it is cheaper. If you have got the budget to purchase Palo Alto, get it. If you do not have the budget, go for Fortinet or any other firewall.  

    Which other solutions did I evaluate?

    When we were looking for some different solutions, I was looking for comparisons between AlgoSec's firewall and others. I have been trying to research basically right now before purchasing another solution. We are looking for firewall management. We have multiple-vendor firewalls and we are looking to manage them from one console. From there I can manage all my multi-vendor firewalls, DMZ, internal firewalls, group firewalls, et cetera. That is why I was looking at AlgoSec, because it is capable of doing re-certification as well as integrating with NSX as well. There are a lot of things it can do. AlgoSec seems to meet my basic requirements for the solution.  

    We are using multiple vendors like Cisco, Palo Alto, Fortinet, and Juniper. We are not limited to one vendor. We have different environments and different firewalls for each environment.  

    But mostly, in the current market over here, the clients are preferring to go with Palo Alto as a DC (Data Center) firewall to use internally because IPS (Intrusion Prevention System) is really strong. As for Fortinet, people are preferring that as a solution for DMZ.  

    What other advice do I have?

    On a scale from one to ten where one is the worst and ten is the best, I would give Palo Alto a rating of nine-out-of-ten.  

    I would not give the product a ten and it is not really because there are additional features can be included to make it a perfect ten. Nobody is perfect. Based on smaller support issues is not really something I can rate a product on. Based on their performance in being a leader of these technologies and the leaders and the inventors of next-generation firewalls — based on that, I am giving them a nine. They have better processing which Palo Alto is the only one doing. Based on that and IPS system I give them a nine. And because I am not a perfect guy, I keep one Mark.  

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Oscar Bashford
    Network Operations Support at EOS IT Management Solutions Ltd
    MSP
    Top 10
    Fast with good usability and fairly scalable

    Pros and Cons

    • "I'm told the solution is the fastest, and, so far, I do find that to be the case."
    • "It could use more tutorials."

    What is our primary use case?

    I primarily use the solution for experimentation. I just wanted to create a site to site VPN. I was hoping that you can make the SRX like a hub, so if I had a site here and then I had a new site, I could just create another VPN from that new site to the virtual X in the cloud. I don't know if it works like that. I'm skeptical if it can. Maybe there is a roundabout with the actual Azure AWS, however, I'm not so sure about that part. That's why I'm learning about Azure, and how that works in connecting to the cloud.

    What is most valuable?

    I'm told the solution is the fastest, and, so far, I do find that to be the case. 

    I'm familiar with the solution, so I'm pretty comfortable with the processes. There's pretty good usability.

    What needs improvement?

    Largely the solution seems fine to me.

    It could use more tutorials.

    I think there's a step missing or the use cases are missing information. I'm not sure why you have to connect from the descendant to another SRX. The why part, why would I do that and what's practical, is not really answered in any documentation I have access to. At my last job, we used to hook up a VPN to the data center, and then at each site we would have a device connecting to that data center. Now that project is not 100% right now, I'm still wondering if I were to go and do that project, how would I do it? Should I make it cloud-based?

    If I want to use it virtually in the cloud as a hub, I want to see if that's possible, and, if it's possible, they should have documentation on that.

    I looked at the config. I played around with the config and then I say, "Okay, I see what they're doing, with the actual Azure part, and yet, on AWS, I'm having the same problem." It's something to do with the public IP. It's only functioning on the management side, on the virtual firewall. I can't get the other side, the other network interface to connect out. I don't have a connection out technically. I could ping, but through management and that's not how it's supposed to work. It's just through the management. I'm not seeing the departments.

    For how long have I used the solution?

    I haven't been using the solution for that long. Basically it's just this year. I've been tinkering with it since March.

    What do I think about the stability of the solution?

    The solution is stable. It seemed very good. I'm just trying to learn everything right now, however, from what I've experienced, I'd say it's reliable.

    What do I think about the scalability of the solution?

    Scalability is very good. I'm not an expert yet, however, I would recommend it to anybody who needs to expand.

    There's hundreds, if not thousands, or users on the solution currently.

    How are customer service and technical support?

    I believe there is something on Amazon and you can ask questions about the solution. I was trying to go through something like that, and maybe they can help. I didn't really follow through, due to the fact that I didn't get an email, so I don't know who could contact me. With Azure, I didn't really go that far in depth.

    Mostly I just do my own research and try to troubleshoot issues on my own. I'm figuring out everything from scratch.

    Which solution did I use previously and why did I switch?

    I'm kind of familiar with ASA firewalls from Cisco. I've worked with SonicWall a lot and Pablo Alto a little bit, however, I'm not 100% familiar with it. I've worked on it, but not every day. For Palo Alto, I just worked on it once. I know the interface. I know some other firewalls as well, however, I don't think they need to be mentioned, as they're not that popular. ASA firewall, I would say, is the most popular one.

    How was the initial setup?

    At first the implementation was straightforward. I got around quickly. I was able to, after a week, feel like I had the hang of everything. I can move around in Azure and AWS. That said, it's just the part with the elastic IP. I don't know if it's a Juniper issue or it's on there and there's another connection, and that's the part I'm not getting.

    I was able to deploy the solution in days. It's just getting it to work properly, however. In that sense, it took weeks, or, at least a week and a half. I had to say "Okay, let me give up this for now" before I really got anywhere.

    There isn't really maintenance per se. It's just running. There's 24/7 support. When it goes down, I guess, we're there.

    What about the implementation team?

    I did the implementation myself, however, I have a lot of tutorials and documentation on hand. I use YouTube as well. I even got Pluralsight the other day. I have IME. I have CBT Nuggets. Anything I can use to find out more about the product I will look at. What has really helped me was I got a lot of PDF files from Juniper and it had some stuff about AWS.

    Which other solutions did I evaluate?

    I would say this solution was the default selection, however, I know that ASA is up there too. That said, the virtual SRX is what's most popular now.

    What other advice do I have?

    Our organization is partners with Juniper. We have a business relationship with them.

    At work I see it a lot, however, a lot of tasks are automated at work. It's not like you have hands-on from scratch experience. In my position, I'm doing more support or some automation to build the VRX or the virtuals needed for lab equipment. At home and in the labs I am able to learn from scratch, and I'm trying to connect VPNs, etc. I am hoping to get into the cloud in the future.

    The version of the solution we use should be the latest. I downloaded it a couple of months ago. It should be the latest, due to the fact that I have a virtual that's a trial. I get it through the partnership through my job. The virtual that I've got is on AWS. Azure is the recommended platform.

    I'd recommend the solution. I'd rate it ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Georges Samaha
    Security Consultant at a tech services company with 501-1,000 employees
    Reseller
    Top 5
    Good application detection, strong antivirus capabilities and built-in machine learning

    Pros and Cons

    • "From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best."
    • "The solution would benefit from having a dashboard."

    What is our primary use case?

    We primarily use the solution as a firewall.

    What is most valuable?

    From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

    The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

    They have a good reputation for their antivirus capabilities.

    The solution offers a strong URL based system or detection for malicious URL or malicious files. 

    They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

    Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

    What needs improvement?

    The solution would benefit from having a dashboard.

    From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

    For how long have I used the solution?

    We've been working with Palo Alto for about six years now.

    What do I think about the stability of the solution?

    From my experience, it's the best hardware compared to other NG firewalls from the perspective of performance stability. While the other firewalls lose 50 or 60% of performance when enabling all policies, Palo Alto loses 10 to 20% maximum, even with enabled IPS and fire detection and all. From our experience performance-wise, it's one of the best hardware solutions for firewalls. 

    We haven't lost performance really, so I would describe it as very stable. There are not any issues.

    What do I think about the scalability of the solution?

    Since the solution is hardware, there are some limitations in terms of scalability.

    Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.

    We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.

    How are customer service and technical support?

    In general technical support is very good. That said, usually, when we face an issue, we try to solve it ourselves internally before going to level one support. 

    In general, we never have had a big issue with support. I don't have much experience with the support team to tell you if they're really good or not. Usually 80% of the cases we open, we talk with the distributor and finish the operation case directly with Palo Alto. It's more like a backend request and therefore I don't have much input that would be objective.

    Which solution did I use previously and why did I switch?

    As resellers, we also work with Cisco and some Forcepoint solutions.

    I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

    I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

    How was the initial setup?

    The deployment depends on the client's environment as well as how they are using it. For example, an internet NG firewall on the internet, it takes, on average, a week between installation, integration, and tuning. Usually we don't do all the policies because we are system integrator. We do the main policies and we teach the customer and then do a handover to the user for tuning and all the installation extras.

    If it's a data center project, it takes more time and effort. It takes a month sometimes due to the fact that we'll be dealing with a lot of traffic. The application and server are usually harder to control than internet applications like Facebook and other standard applications, and easier on the internet. Then there's also internal applications, custom applications, migrating applications, finance education applications, etc., which are not always direct from the customer or directly known.

    In short, the implementation isn't always straightforward. There can be quite a bit of complexity, depending on the company.

    What other advice do I have?

    In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well.

    I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. 

    While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space.

    I'd rate the solution nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    EX
    Director at Treasure Technology
    Reseller
    Top 20
    Excellent UI, very good features and very scalable

    Pros and Cons

    • "While the stability maybe isn't quite to the level of Cisco, it is a very cost-effective solution. It's cheap compared to Cisco."
    • "The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two."

    What is our primary use case?

    We primarily use the solution simply for its firewall functionality. It's the main reason we use it.

    What is most valuable?

    For myself, the UI is pretty much perfect. It's much easier to work with than Cisco's FirePOWER, for example. I prefer the way it is designed above everything else, even though Cisco may be better for a different reason. Fortigate is just hands down more intuitive and therefore users need less training. While a non-tech person may need a bit of training in terms of configuration, it's still easier than Cisco.

    In terms of general features, I find Fortigate and Cisco very comparable. They technically do the same things. Both can drill down by IP or region, so, application-wise, they're very much the same. 

    What needs improvement?

    The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two.

    I haven't really explored the cloud too much, as we deal mostly with an on-premises system. However, now with everyone working from home due to COVID-19, it's something I'm beginning to explore and something I think Fortigate needs to invest in and expand on. If they could do something that integrates the cloud effectively, maybe with a cloud provider like Azure, that would be helpful.

    Fortigate could speed up its level of customer service in our region.

    For how long have I used the solution?

    I've been using the solution for quite a few years now. It's been perhaps five or six years in total.

    What do I think about the stability of the solution?

    While the stability maybe isn't quite to the level of Cisco, it is a very cost-effective solution. It's cheap compared to Cisco. Licensing is very, very easy. It's much, much easier than Cisco where licensing is a pain. The Cisco licensing is very difficult to configure, which makes Fortigate a more attractive alternative even with less stability. 

    That said, after working with Fortigate for many years, I haven't really encountered a lot of crashes or glitches. The hardware is very, very good. Once a power adapter failed on us and we just replaced it on the device and it was able to recover. With ASA, I can say so far so good. The hardware's really good. They've improved a lot of the hardware specs.

    What do I think about the scalability of the solution?

    We haven't had any issues with scalability. If a company needs to build it out or expand, they really shouldn't have any issues.

    How are customer service and technical support?

    The customer support for Fortigate is fine. Compared to Cisco, however, I would say Cisco's response might be a bit faster. If a device fails, they'll be onsite to replace it themselves. In my region, in terms of Fortigate's response to a similar event, users would have to go through the distributor and not directly to Fortigate. That's why it takes longer. It could be a bit easier, and if they did it a bit more like Cisco, I think it would be better. However, Fortigate's response isn't bad.

    How was the initial setup?

    The initial setup was straightforward. A company just needs to get requirements from its customers and then they can just deploy. It's not complex at all.

    Deployment takes about two weeks. The setup itself is very fast and you will have limited downtime. However, there will be fine-tuning that will be required and this may take weeks. If a customer gives new requirements at any time, you'll need to make some tweaks.

    What's my experience with pricing, setup cost, and licensing?

    With Cisco, licensing is quite complex, but with Fortigate, you simply need to buy a bundle and they give you everything you'll require.

    Which other solutions did I evaluate?

    Right now, I'm also interested in learning more about Cisco, and how it compares to Fortigate. I know Cisco quite well, but I've never directly compared Cisco and Fortigate together before. Of course, I still believe I know Fortigate better.

    What other advice do I have?

    We're resellers of both Cisco and Fortigate solutions.

    I'd advise other companies or users to give a try. The Virtual Appliance is very easy to set up. In terms of scalability, it's easy enough to expand out, especially if you compare it to the hardware. For the virtual solution, it's easily upgraded. For the physical, you need to do a POC.

    It really depends on what kind of distributor a company is working with. Some provide you all the resources. Others don't. I'm not sure how it works with the Cisco Virtual Appliance. For Cisco, I only know about the cloud. 

    Normally, I provide my customer with Meraki. I won't provide a Cisco solution, even though Meraki is part of Cisco.

    I would rate the solution eight out of ten. There's still room for improvement. There could be a bit better support and not all solution providers offer this kind of Virtual Appliance in my region. Once more people use it, they may begin to improve on it even more.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Get our free report covering Zyxel, Fortinet, Cisco, and other competitors of Cisco IOS Security. Updated: November 2021.
    552,136 professionals have used our research since 2012.