We just raised a $30M Series A: Read our story

Compare Cisco ASA Firewall vs. Palo Alto Networks NG Firewalls

Cancel
You must select at least 2 products to compare!
Comparison Summary
Question: What are the main differences between Palo Alto and Cisco firewalls ?
Answer: Palo Alto has more visibilities and control instead of Cisco Firewall.
Featured Review
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The customer service/technical support is very good with this solution.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""We have not had to deal with stability issues.""The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.""One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."

More Cisco Firepower NGFW Firewall Pros »

"Technical support services are excellent.""The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.""I like all of the features.""Simple to deploy, stable.""Unfortunately in Cisco, only the hardware was good.""To be honest, all of the features that are provided, all the other vendor will also have. One feature we did find valuable was the CLI, it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.""The clusters in data centers are great.""I like the IPS feature, it is the most valuable."

More Cisco ASA Firewall Pros »

"Operationally, it is easier, and the manageability and their security features are good.""The stability of the product has been good over the years.""The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features.""Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.""It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.""The configuration is very simple.""The management options are good.""The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions."

More Palo Alto Networks NG Firewalls Pros »

Cons
"An area of improvement for this solution is the console visualization.""The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""The initial setup could be simplified, as it can be complex for new users."

More Cisco Firepower NGFW Firewall Cons »

"The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco.""It is expensive.""The stability is not the best.""It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.""Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.""If the implementation was easier, it would be a lot better for us.""Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.""They need a user-friendly interface that we could easily configure."

More Cisco ASA Firewall Cons »

"In the future, I would like to see more OTP features.""The user interface is probably not as slick as it could be.""Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.""The cost of the device is very high.""I would like to see better third-party orchestration so that it is easier for the team to work with different products.""The reports it provides are not helpful.""It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.""The areas that need to improve are network protection and user identification."

More Palo Alto Networks NG Firewalls Cons »

Pricing and Cost Advice
"I am happy with the product in general, including the pricing.""There are additional implementation and validation costs.""When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""The price of Firepower is not bad compared to other products.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high.""I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA. Our clients are also very satisfied with its licensing model.""In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.""It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco.""I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much.""Always consider what you might need to reduce your wasted time and invest it in other solutions.""We pay about $200 yearly and we have two firewalls.""We're using the smart license for this firewall. The models that we have require licensing for remote access."

More Cisco ASA Firewall Pricing and Cost Advice »

"The pricing is very high.""It is expensive.""This is an expensive product, which is why some of our customers don't adopt it.""It has a yearly subscription.""It is very expensive. You pay for a year.""The price of the solution is on the higher side compared to competitors.""We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively.""After the hardware and software are procured, it is the AMC support that has to be renewed yearly."

More Palo Alto Networks NG Firewalls Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,695 professionals have used our research since 2012.
Answers from the Community
Fedayi Uzun
author avatarreviewer1461459 (Team Lead Network Infrastructure at a tech services company with 1-10 employees)
Real User

There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo  Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment.


On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.

author avatarPhilippe Panardie
Real User

Well they are two leaders, one from US, another from Israel.


Checkpoint is the first well known firm to launch firewalls.


Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting.

Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering.


The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.

author avatarVirendra Vishnu
Real User

Ease of Use


- GUI familiarities  and adoption level can differ from user to user.


- Personally I found CISCO  ASA interface is hard to comprehend compare to Palo Alto


- Command line interface is good, only challenge is past experience and correctness of commands to get error free results! 


Performance of the Appliance


- Palo Alto VS CISCO - Palo Alto is better performing appliance.


author avatarUmesh Wadhwa
Real User

Palo Alto is the market leader and a company with a very holistic approach to security. Firewalls are its mainstream business, whereas Cisco basically known as a networking company is trying to be one of the major players in providing security solutions. Things like advantages, disadvantages, usage and practices is a very vast topic. Generally companies already having Cisco infrastructure tend to choose Cisco firewalls from the integration point of view. Palo Alto firewalls could be more expensive. 

author avatarSandeepKumar13
Real User

Pick a product model for both vendors: Cisco & Palo Alto (refer to technical data sheets and whitepapers --)  See the key differences on your target or specific needs).


Practical evaluation by a person who has both products under the belt and can share their experiences... 


Anyone inputs, please?

Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
Top Answer:  Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
Top Answer: When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced… more »
Top Answer: Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Cisco ASA Firewall
Learn more about Palo Alto Networks NG Firewalls
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Government8%
Manufacturing Company8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm17%
Comms Service Provider13%
Manufacturing Company10%
University6%
VISITORS READING REVIEWS
Comms Service Provider35%
Computer Software Company21%
Government5%
Educational Organization4%
REVIEWERS
Comms Service Provider21%
Computer Software Company19%
Financial Services Firm12%
Healthcare Company7%
VISITORS READING REVIEWS
Comms Service Provider26%
Computer Software Company24%
Government6%
Energy/Utilities Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business35%
Midsize Enterprise26%
Large Enterprise39%
VISITORS READING REVIEWS
Small Business28%
Midsize Enterprise16%
Large Enterprise56%
REVIEWERS
Small Business40%
Midsize Enterprise31%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise15%
Large Enterprise50%
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.

Cisco ASA Firewall is ranked 5th in Firewalls with 62 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews. Cisco ASA Firewall is rated 8.0, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Juniper SRX and SonicWall TZ, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Palo Alto Networks VM-Series. See our Cisco ASA Firewall vs. Palo Alto Networks NG Firewalls report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.