We just raised a $30M Series A: Read our story

Compare Cisco Firepower NGFW Firewall vs. Palo Alto Networks NG Firewalls

Cancel
You must select at least 2 products to compare!
Comparison Summary
Question: What are the main differences between Palo Alto and Cisco firewalls ?
Answer: Palo Alto has more visibilities and control instead of Cisco Firewall.
Featured Review
Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
554,382 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""I like the firewall features, Snort, and the Intrusion Prevention System (IPS).""The most valuable features of this solution are advanced malware protection, IPS, and IDS.""It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""The feature set is fine and is rarely a problem.""The most valuable feature is stability.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."

More Cisco Firepower NGFW Firewall Pros »

"I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website.""It's quite nice. It's very user-friendly, powerful, and there are barely any bugs.""The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.""The configuration is very simple.""This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server.""Innovative, advanced threat protection is the most valuable feature.""The application control portion of the solution is its most valuable aspect.""Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise."

More Palo Alto Networks NG Firewalls Pros »

Cons
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."

More Cisco Firepower NGFW Firewall Cons »

"The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.""Having a better pricing model would make this product more competitive, and more affordable for our customers.""I would like to see it provide us with intelligent information from the data that it captures, within the same cost.""Its price can be better. They should also provide some more examples of configurations online.""It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.""Sometimes some of the applications the customer has do not respond as they normally should.""I would like the option to be able to block the traffic from a specific country in a few clicks.""There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."

More Palo Alto Networks NG Firewalls Cons »

Pricing and Cost Advice
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""There are additional implementation and validation costs.""When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today.""This product is expensive.""Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively.""You pay based on the kind of license you require, but comparatively, it is not very expensive.""It is an expensive solution.""It is very expensive. You pay for a year.""It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription.""It is expensive as compared to other brands.""The NG firewall is an expensive solution.""The price of this product should be reduced."

More Palo Alto Networks NG Firewalls Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
554,382 professionals have used our research since 2012.
Answers from the Community
Fedayi Uzun
author avatarreviewer1461459 (Team Lead Network Infrastructure at a tech services company with 1-10 employees)
Real User

There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo  Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment.


On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.

author avatarPhilippe Panardie
Real User

Well they are two leaders, one from US, another from Israel.


Checkpoint is the first well known firm to launch firewalls.


Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting.

Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering.


The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.

author avatarVirendra Vishnu
Real User

Ease of Use


- GUI familiarities  and adoption level can differ from user to user.


- Personally I found CISCO  ASA interface is hard to comprehend compare to Palo Alto


- Command line interface is good, only challenge is past experience and correctness of commands to get error free results! 


Performance of the Appliance


- Palo Alto VS CISCO - Palo Alto is better performing appliance.


author avatarUmesh Wadhwa
Real User

Palo Alto is the market leader and a company with a very holistic approach to security. Firewalls are its mainstream business, whereas Cisco basically known as a networking company is trying to be one of the major players in providing security solutions. Things like advantages, disadvantages, usage and practices is a very vast topic. Generally companies already having Cisco infrastructure tend to choose Cisco firewalls from the integration point of view. Palo Alto firewalls could be more expensive. 

author avatarSandeepKumar13
Real User

Pick a product model for both vendors: Cisco & Palo Alto (refer to technical data sheets and whitepapers --)  See the key differences on your target or specific needs).


Practical evaluation by a person who has both products under the belt and can share their experiences... 


Anyone inputs, please?

Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers that fact, it is all the more impressive that the setup is a fairly… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
Top Answer: Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firewall is easy to use and provides excellent support. Valuable features include… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most. PA is good at app control, web filtering… more »
Top Answer: Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL… more »
Ranking
4th
out of 47 in Firewalls
Views
43,244
Comparisons
30,805
Reviews
39
Average Words per Review
1,045
Rating
8.4
8th
out of 47 in Firewalls
Views
22,743
Comparisons
17,512
Reviews
58
Average Words per Review
589
Rating
8.5
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Palo Alto Networks NG Firewalls
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Comms Service Provider21%
Computer Software Company19%
Financial Services Firm12%
Healthcare Company7%
VISITORS READING REVIEWS
Comms Service Provider25%
Computer Software Company24%
Government6%
Energy/Utilities Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business40%
Midsize Enterprise31%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business36%
Midsize Enterprise15%
Large Enterprise49%
Find out what your peers are saying about Cisco Firepower NGFW Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
554,382 professionals have used our research since 2012.

Cisco Firepower NGFW Firewall is ranked 4th in Firewalls with 41 reviews while Palo Alto Networks NG Firewalls is ranked 8th in Firewalls with 67 reviews. Cisco Firepower NGFW Firewall is rated 8.4, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Palo Alto Networks WildFire, Meraki MX and pfSense, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Check Point CloudGuard Network Security. See our Cisco Firepower NGFW Firewall vs. Palo Alto Networks NG Firewalls report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.