We just raised a $30M Series A: Read our story

Compare Fortinet FortiOS vs. Sangfor NGAF

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Fortinet FortiOS vs. Sangfor NGAF and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The feature set is fine and is rarely a problem.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""We have not had to deal with stability issues.""There are no issues that we are aware of. It does its job silently in the background.""The customer service/technical support is very good with this solution.""A good intrusion prevention system and filtering.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."

More Cisco Firepower NGFW Firewall Pros »

"There are many useful features, such as web security and advanced threat detection.""The solution is very user friendly.""The information security features are the most valuable.""I personally think the site-to-site VPN is the most useful feature. A lot of firewalls have that, but to me, that's one of the features that's essential.""There are a lot of features that we like within the solution. The resources or performance of the firewall is very good. However, the real selling point is the fact that the solution offers so many features, it gives our clients a lot of extras that they can work with. There's a lot on offer.""The VDOM (Virtual DOM) is a virtualized firewall that has some opportunities for flexibility that are an advantage in certain configurations.""The main features I find useful are intrusion prevention and web filtering. Additionally, the solution is easy to manage.""Firewall and overall management are valuable features."

More Fortinet FortiOS Pros »

"We've found the technical support to be helpful.""Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection.""In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable.""In four steps one can configure the entire firewall.""It's a very simple to use product.""While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."

More Sangfor NGAF Pros »

Cons
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""Report generation is an area that should be improved.""Cisco Firepower NGFW Firewall can be more secure.""My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.""This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI).""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."

More Cisco Firepower NGFW Firewall Cons »

"FortiOS doesn't work well with all browsers. I think they need to do a better job of making it compatible with the various browsers that are out there.""Right now, it's very trendy to integrate everything into the cloud. This solution would be more effective if they did more integration in that regard.""It would be great if they can push the Microsoft updates through Fortinet OS and provide a centralized patch management system. They should also include the data loss prevention (DLP) and data leakage prevention features. They could also add network monitoring more effectively.""The solution could improve the log retention and reports.""The pricing model makes this product far more expensive than similar solutions.""Fortinet needs to make this solution even more robust. Sometimes when we get a DDoS attack, the cannot withstand it. We can run out of sessions very easily. That said, I suppose if you want more a robust system, then you could purchase higher-end solutions, which are more expensive. Still, I would like to see more protection from even in the low-end version.""I can only compare it with SonicWall, and it is missing many advanced features that SonicWall has.""Lacks flexibility for different scenario configurations."

More Fortinet FortiOS Cons »

"They need to increase the number of ports in the firewall.""I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.""Occasional issues with breaches which are dealt with expediently.""The solution has too many bugs and these slow down the implementation.""The web interface needs to be improved, making it more user-friendly."

More Sangfor NGAF Cons »

Pricing and Cost Advice
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees.""There are additional implementation and validation costs.""The solution was chosen because of its price compared to other similar solutions.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.""When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""This product requires licenses for advanced features including Snort, IPS, and malware detection."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"There is a license required for the solution and the price is fair.""The software costs roughly half what the hardware costs. Overall, the product is expensive.""The price of Fortinet FortiOS has been reasonable.""The support contracts are usually about $100 - $200 a device."

More Fortinet FortiOS Pricing and Cost Advice »

"The price is unmatcheable.""When it comes to the price of firewall solutions, Sangfor NGAF takes the cake.""Sangfor is cheaper than competing vendors."

More Sangfor NGAF Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,305 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Performance-wise, I think FortiOS is much better than its Juniper counterpart. Based on our actual experience and… more »
Top Answer: FortiOS has a UTM feature, for which you have to buy an annual subscription. Most brands of firewalls will also have… more »
Top Answer: In four steps one can configure the entire firewall.
Top Answer: The price is very cheap. It cannot be matched.
Top Answer: I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Sangfor NGAF Firewall Platform
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Control all the security and networking capabilities in all your FortiGates across your entire network with one intuitive operating system. Improve your protection and visibility while reducing operating expenses and saving time with a truly consolidated next generation enterprise firewall platform.

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Fortinet FortiOS
Learn more about Sangfor NGAF
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Comms Service Provider38%
Financial Services Firm15%
Transportation Company15%
Pharma/Biotech Company8%
VISITORS READING REVIEWS
Comms Service Provider30%
Computer Software Company25%
Government5%
Manufacturing Company4%
VISITORS READING REVIEWS
Comms Service Provider43%
Computer Software Company20%
Media Company5%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business63%
Midsize Enterprise15%
Large Enterprise22%
REVIEWERS
Small Business43%
Midsize Enterprise57%
Find out what your peers are saying about Fortinet FortiOS vs. Sangfor NGAF and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.

Fortinet FortiOS is ranked 20th in Firewalls with 13 reviews while Sangfor NGAF is ranked 23rd in Firewalls with 6 reviews. Fortinet FortiOS is rated 8.4, while Sangfor NGAF is rated 8.2. The top reviewer of Fortinet FortiOS writes "Robust, scales well using FortiManager, and you have a choice of two different modes to run in". On the other hand, the top reviewer of Sangfor NGAF writes "Great pricing, reliable stability, and easy to deploy". Fortinet FortiOS is most compared with Fortinet FortiWeb, Zyxel Unified Security Gateway, Azure Firewall, Darktrace and Fortinet FortiGate, whereas Sangfor NGAF is most compared with Fortinet FortiGate, Sophos XG, Sophos UTM, pfSense and SonicWall NSa. See our Fortinet FortiOS vs. Sangfor NGAF report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.