We just raised a $30M Series A: Read our story

Compare Cisco ASA Firewall vs. Palo Alto Networks VM-Series

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.""One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."

More Cisco Firepower NGFW Firewall Pros »

"It is very stable compared to other firewall products.""The initial setup was not complex.""I like them mostly because they don't break and they have great diagnostics.""On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.""The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one.""The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities.""VPN and firewall are good features.""Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."

More Cisco ASA Firewall Pros »

"The most valuable features are security and support.""It has excellent scalability.""The Palo Alto VM-Series is nice because I can move the firewalls easily.""The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions.""Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. ""The most valuable features are the User ID, URL filtering, and application filtering.""The initial setup was straightforward.""The feature that I have found the most useful is that it meets all our requirements technically."

More Palo Alto Networks VM-Series Pros »

Cons
"It would be great if some of the load times were faster.""We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."

More Cisco Firepower NGFW Firewall Cons »

"An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier.""One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering.""Lacks a good graphical user interface.""On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.""I have used Fortinet, Palo Alto, and Check Point previously and I prefer the process of everything working together.""If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve.""I have worked with the new FTD models and they have more features than the ASA line.""I would like the ability to drill down into certain reports because currently, that cannot be done."

More Cisco ASA Firewall Cons »

"There should be an option for direct integration with the Azure platform.""The user interface could use some improvement.""Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup.""The implementation should be simplified.""In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has.""I would like to have automatic daily reporting, such as how many users have connected via SSL VPN.""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."

More Palo Alto Networks VM-Series Cons »

Pricing and Cost Advice
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs.""Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.""The solution was chosen because of its price compared to other similar solutions.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""This product requires licenses for advanced features including Snort, IPS, and malware detection.""The price of Firepower is not bad compared to other products.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""This solution is expensive and other solutions, such as FortiGate, are cheaper."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco.""They have a lot of different models but most of them are really expensive.""It's very competitive with other products.""Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis.""The price is fair. It's not the cheapest, but it's not bad.""Cisco is considered to be an expensive solution.""We're using the smart license for this firewall. The models that we have require licensing for remote access.""Always consider what you might need to reduce your wasted time and invest it in other solutions."

More Cisco ASA Firewall Pricing and Cost Advice »

"Palo Alto can be as much as two times the price of competing products that have twice the capabilities.""Because I work for a university and the URL is for the institution, it's a free license for us.""The VM series is licensed annually.""The price of this solution is very high for some parts of Africa, which makes it a challenge.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,695 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
Top Answer:  Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports… more »
Top Answer: When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
Top Answer: The initial setup was straightforward.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Cisco ASA Firewall
Learn more about Palo Alto Networks VM-Series
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Warren Rogers Associates
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm17%
Comms Service Provider13%
Manufacturing Company10%
University6%
VISITORS READING REVIEWS
Comms Service Provider35%
Computer Software Company21%
Government5%
Educational Organization4%
REVIEWERS
Financial Services Firm23%
Government15%
Manufacturing Company15%
Healthcare Company8%
VISITORS READING REVIEWS
Computer Software Company30%
Comms Service Provider19%
Financial Services Firm5%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business35%
Midsize Enterprise26%
Large Enterprise39%
VISITORS READING REVIEWS
Small Business28%
Midsize Enterprise16%
Large Enterprise56%
REVIEWERS
Small Business38%
Midsize Enterprise31%
Large Enterprise31%
Find out what your peers are saying about Cisco ASA Firewall vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.

Cisco ASA Firewall is ranked 5th in Firewalls with 62 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Cisco ASA Firewall is rated 8.0, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Juniper SRX and Check Point CloudGuard Network Security, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Juniper SRX, Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls. See our Cisco ASA Firewall vs. Palo Alto Networks VM-Series report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.