We just raised a $30M Series A: Read our story

Compare Fortinet FortiGate vs. Sangfor NGAF

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Fortinet FortiGate vs. Sangfor NGAF and other solutions. Updated: November 2021.
554,586 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.""One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""The customer service/technical support is very good with this solution.""The most valuable feature is the access control list (ACL).""The feature set is fine and is rarely a problem.""We have not had to deal with stability issues.""The solution offers very easy configurations."

More Cisco Firepower NGFW Firewall Pros »

"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable.""The product offers very good security.""FortiGate is flexible and easy to use.""Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.""It's very fast and easy to configure.""The web filtering feature and the intrusion protection system are the most valuable. It is a resilient appliance. I never had an issue with it in terms of any security breaches.""The usage in general is pretty good.""It's super reliable. I don't think I've ever had a reliability issue with it."

More Fortinet FortiGate Pros »

"We've found the technical support to be helpful.""In four steps one can configure the entire firewall.""It's a very simple to use product.""While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people.""Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection.""In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."

More Sangfor NGAF Pros »

Cons
"Cisco Firepower NGFW Firewall can be more secure.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."

More Cisco Firepower NGFW Firewall Cons »

"Backup can be improved.""They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company.""It is stable, but its stability can be improved.""The initial setup is complex.""The solution lacks multi-language support.""Fortinet doesn't provide multiple virtual firewalls which would facilitate end users and customers.""We have an issue with hotel guest vouchers.""The search tool needs improvement. It's very difficult to search for policies right now."

More Fortinet FortiGate Cons »

"The solution has too many bugs and these slow down the implementation.""Occasional issues with breaches which are dealt with expediently.""I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.""They need to increase the number of ports in the firewall.""The web interface needs to be improved, making it more user-friendly."

More Sangfor NGAF Cons »

Pricing and Cost Advice
"This solution is expensive and other solutions, such as FortiGate, are cheaper.""Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""The solution was chosen because of its price compared to other similar solutions.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees.""This product requires licenses for advanced features including Snort, IPS, and malware detection."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"As far as I'm aware, in our case, it's just a yearly pricing arrangement with no additional licensing costs.""The pricing for the product is alright.""The price of FortiGate support is too expensive.""It's very affordable.""Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors.""The pricing of the solution is very competitive.""It has a competitive price.""Fortinet is the least expensive solution."

More Fortinet FortiGate Pricing and Cost Advice »

"The price is unmatcheable.""Sangfor is cheaper than competing vendors.""When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."

More Sangfor NGAF Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
554,586 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
Top Answer: In four steps one can configure the entire firewall.
Top Answer: The price is very cheap. It cannot be matched.
Top Answer: I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Sangfor NGAF Firewall Platform
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Fortinet FortiGate
Learn more about Sangfor NGAF
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Government8%
Manufacturing Company8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Comms Service Provider14%
Computer Software Company10%
Financial Services Firm8%
Manufacturing Company6%
VISITORS READING REVIEWS
Comms Service Provider36%
Computer Software Company20%
Government5%
Educational Organization4%
VISITORS READING REVIEWS
Comms Service Provider43%
Computer Software Company20%
Media Company5%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business48%
Midsize Enterprise25%
Large Enterprise28%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise25%
Large Enterprise40%
REVIEWERS
Small Business43%
Midsize Enterprise57%
Find out what your peers are saying about Fortinet FortiGate vs. Sangfor NGAF and other solutions. Updated: November 2021.
554,586 professionals have used our research since 2012.

Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while Sangfor NGAF is ranked 23rd in Firewalls with 6 reviews. Fortinet FortiGate is rated 8.4, while Sangfor NGAF is rated 8.2. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sangfor NGAF writes "Great pricing, reliable stability, and easy to deploy". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX, Check Point NGFW and SonicWall TZ, whereas Sangfor NGAF is most compared with Sophos XG, Fortinet FortiOS, Sophos UTM, pfSense and Check Point NGFW. See our Fortinet FortiGate vs. Sangfor NGAF report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.