Cisco Adaptive Security Appliance (ASA) Software vs. Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series vs. pfSense

Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series

pfSense

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Cisco Adaptive Security Appliance (ASA) Software	Score 9.0 out of 10	N/A	Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.	N/A
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	Score 9.1 out of 10	N/A	The VM-Series is a virtualized form of Palo Alto next-generation firewall that can be deployed in a range of cloud environments. The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity.	N/A
pfSense	Score 8.7 out of 10	N/A	pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…	$179 per appliance

Pricing

Cisco Adaptive Security Appliance (ASA) Software

Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series

pfSense

Editions & Modules

No answers on this topic

SG-1100: $179
per appliance
SG-2100: $229
per appliance
SG-3100: $399
per appliance
SG-5100: $699
per appliance
XG-7100-DT: $899
per appliance
XG-7100-1U: $999
per appliance
XG-1537: $1,949
per appliance
XG-1541: $2,649
per appliance

Offerings

Pricing Offerings
Cisco Adaptive Security Appliance (ASA) Software	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	pfSense
Free Trial
No	No	No
Free/Freemium Version
No	No	No
Premium Consulting/Integration Services
No	No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Pricing Info

Community Pulse
	Cisco Adaptive Security Appliance (ASA) Software	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	pfSense
Considered Multiple Products	Cisco Adaptive Security Appliance (ASA) Software BT Brian Taylor Systems Engineer Chose Cisco Adaptive Security Appliance (ASA) Software We evaluated other Cisco security devices and other vendors, but chose the Cisco ASA due to it's price point and compatibility. While Fortinet and Palo Alto are leaders in the field, we found that for the price, the features we needed were fully satisfied by the ASA. We … Incentivized Helpful? Verified User Technician Chose Cisco Adaptive Security Appliance (ASA) Software Cisco ASAs are a world apart from SonicWall's, and even more so pfSense. Sonicwall's are okay for SOHO purposes; they're not expensive, but they're not as robust either. They often choke bandwidth because of CPU limitations. pfSense is a Linux-based firewall, and it does the … Incentivized Helpful? Rajesh Singh CEO & MD Chose Cisco Adaptive Security Appliance (ASA) Software [Cisco] ASA is far better than pfSense[.] pfSense is a very complicated firewall and if you need any help documentation is not easily available. Cisco ASA configuration via CLI is [the] very best and fast for configuration[.] Incentivized Helpful? rahul Verma Network Consultant Chose Cisco Adaptive Security Appliance (ASA) Software I am a freelancer consultant so I use lots of firewalls. I recommended Cisco ASA to my client and asked him to replace pfSense because pfSense is not easy firewall. Options are very different and commands are very tricky. Lots of options are not available. But ASA is better … Incentivized Helpful? VM VINAY Mandora Sr Team Leader Chose Cisco Adaptive Security Appliance (ASA) Software pfSense is a nice firewall but it is minimal in features. The main advantage of Cisco ASA is routing, VPN, and NAT, and pfSense is providing these features but they are only basic. Cisco ASA provides lots of options in NAT but pfSense provides basic NAT features, so according … Incentivized Helpful? Chirag Deol Chief Marketing Officer Chose Cisco Adaptive Security Appliance (ASA) Software We were using [pfSense] before in our environment but we regularly facing difficulties over it due to software bugs & downtime. After implementing Cisco ASA, it resolved our availability issue & provides us a reliable solution with the best security features & easy to … Incentivized Helpful? Ankit Singh Network Administrator Chose Cisco Adaptive Security Appliance (ASA) Software We were using pfSense before in our environment but we were facing continuous issues in configuration management & policy-based management. After the implementation of Cisco ASA, it has resolved both the previous problems & also provided us a reliable solution with High … Incentivized Helpful? Mohit Singh System Engineer Chose Cisco Adaptive Security Appliance (ASA) Software We were using pfSense in our environment before for remote VPN but we were facing continuous configuration misbehave issues. After using Cisco ASA is have resolved our remote VPN & security issues. It has also GUI Based control access so that we can easily check & manage things … Incentivized Helpful? Anjali Nair project manager Chose Cisco Adaptive Security Appliance (ASA) Software We were using pfsence before [the] Cisco ASA firewall and we were not happy with pfSense features. Lots of features are missing in pfSence so we decided to install the [Cisco] ASA 5525 and we are very happy with the features. There are lots of options in nat and you can easy to … Incentivized Helpful? sitaram gurjar System Administrator Chose Cisco Adaptive Security Appliance (ASA) Software We were using the pfSense but we were not happy with the services. We were facing lots of downtime and bugs during the production hours. That's why we selected Cisco ASA. It is a really very good firewall and we haveb't faced any downtime in the last 3 years. Incentivized Helpful? Basant Gupta Executive System Admin Chose Cisco Adaptive Security Appliance (ASA) Software I don't thin[k] any basic firewall in this budget is better then Cisco ASA. ASA provides you lots of option[s] in vpn, nat and this is very easy to configure. This is not complected firewall. Beginner network also can configure this and handle this. No downtime is main … Incentivized Helpful? Jeffrey Thoenen Senior Network Engineer Chose Cisco Adaptive Security Appliance (ASA) Software The Palo Alto firewalls do a decent job of packet forwarding, but the GUI is slow and cumbersome. Incentivized Helpful? Verified User Professional Chose Cisco Adaptive Security Appliance (ASA) Software Our Palo Altos and Cisco ASAs are pretty comparable. They both seem to work well when used in an HA pair. They can both do IP/Port based ACLs. But the Palos also have APP-ID which helps to make sure that the traffic passing through your firewall is the type of traffic … Incentivized Helpful? Steven Van Jaarsveld Security Engineer L3 Chose Cisco Adaptive Security Appliance (ASA) Software When comparing Cisco ASA to other vendors' products we needed to bear in mind that most other security vendors offer a next-gen Firewall solution while the ASA is still a legacy firewall. Based on this, Cisco ASA is by no means a loser here. Cisco ASA is an extremely capable … Helpful? Carlos Daniel Casañas Bertolo ஃ Director Chose Cisco Adaptive Security Appliance (ASA) Software Above all, the robustness and quality of the components, the support and the rapid resolution of warranty issues. Cisco is a serious company and demonstrates this by making the processes with the client as easy as possible. Incentivized Helpful? Verified User Engineer Chose Cisco Adaptive Security Appliance (ASA) Software Cisco tried to build a new platform by bolting acquired and rebranded SourceFire as a next generation platform but really missed the boat. Cisco should be considered a networking company not security. Firewall technology is changing and Cisco needs to reevaluate their place in … Incentivized Helpful? Larry Chisholm Network Engineer Chose Cisco Adaptive Security Appliance (ASA) Software Cisco made sense from the standpoint that my engineers already knew it and there was little learning curve. Personally, I prefer a purpose-built hardware solution. Untangle is not ready for the enterprise as a whole but works great to do web/application filtering . … Incentivized Helpful? RO Richard Oberle Convergence Engineer Chose Cisco Adaptive Security Appliance (ASA) Software We sell both PAN and Cisco products. We feel a certain bias toward ASA as overall they are easier to deploy, easier to troubleshoot, last years beyond their supported lifetime and have extremely sturdy reliable hardware. Helpful? Verified User Engineer Chose Cisco Adaptive Security Appliance (ASA) Software I've used older Cisco PIX and we have a third party that uses Palo Alto firewalls that is more suited for our enterprise but the ASA works seamlessly with our communication manager server. Incentivized Helpful? Brandon Holbrook IT Security Analyst Chose Cisco Adaptive Security Appliance (ASA) Software We selected Cisco ASA because most of the other networking equipment is also Cisco devices. With this we are able to be confident that we will not have any issues with incompatibility. The ability to integrate with other Cisco solutions that we already had in place was also a … Incentivized Helpful? Brian Munn Network Services Manager Chose Cisco Adaptive Security Appliance (ASA) Software We currently have both products running in our environment. The ASA has a more mature product line and we have had create success with implementing and administering the ASA for the years. Solid product with great features. Incentivized Helpful? Eric Krueger Infrastructure Manager Chose Cisco Adaptive Security Appliance (ASA) Software The Cisco back end support is what made the difference for us. The ability to configure the device to our specific needs was a plus as well. VPN was easy to set up and we have had few issues with end users connectivity. Incentivized Helpful?	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series Verified User Professional Chose Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series PAN was a much more solid choice, with less infrastructure needs required than Checkpoint. Cost was also a factor, with PAN being cheaper, even without the discounts given by our rep. VPN's are much easier to configure with non-heterogeneous products where the checkpoint … Incentivized Helpful? Bear Golightly IT Operations Manager / IT Service Manager Chose Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series We did a shootout between the SonicWall / Fortinet / Barracuda / Cisco ASA + Firepower / Palo Alto, both hardware and (when applicable) VM appliances. The Barracuda / Sonicwall / Fortinet technology is interesting, but nowhere near as robust as the PA technology. Using the … Incentivized Helpful?	pfSense Pablo Mojica Systems Administrator Chose pfSense PFSense is not a fully featured and supported enterprise-grade solution; however, it does offer a lot of similar functionality at a fraction of the cost for more minor requirements. Helpful? Verified User Engineer Chose pfSense pfSense is a lot cheaper and has higher firewall throughput per dollar than "enterprise" network appliances. It's also significantly easier to configure and learn. It may not have some of the "enterprise" features or the support level that someone like Cisco has, but for small … Incentivized Helpful? Victor Arana IT Manager Chose pfSense It's an open source solution can support from 50 to 700 user without sweating and with the half of the standard bundle investment that will take to deploy a FortiGate UTM, or a Cisco ASA, also a Sophos UTM that are quite remarkable units but to pFSense saves you money and will … Incentivized Helpful? Rikia Kosaka Senior Systems Engineer Chose pfSense I've used a number of routers like Cisco, Sonicwall, Juniper, Home based routers, etc. pfSense is like most routers but with the benefit of load balancing and multi-wan. Well many support multi-wan but load balancing is usually a separate device like an BIGiP F5 or Cisco CSS. Incentivized Helpful? Jim Nitterauer Senior Systems Administrator Chose pfSense Neither of the Cisco devices are designed to compete. pfSense does tons more. Incentivized Helpful?

Features

Cisco Adaptive Security Appliance (ASA) Software

Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series

pfSense

Firewall

Comparison of Firewall features of Product A and Product B
	Cisco Adaptive Security Appliance (ASA) Software 8.7 50 Ratings 1% above category average	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series 8.5 8 Ratings 1% below category average	pfSense 8.8 17 Ratings 2% above category average
Identification Technologies	7.732 Ratings	8.58 Ratings	8.714 Ratings
Visualization Tools	7.731 Ratings	8.08 Ratings	8.714 Ratings
Content Inspection	8.433 Ratings	8.08 Ratings	9.116 Ratings
Policy-based Controls	8.546 Ratings	8.58 Ratings	8.617 Ratings
Active Directory and LDAP	8.448 Ratings	8.08 Ratings	7.613 Ratings
Firewall Management Console	8.849 Ratings	8.58 Ratings	9.516 Ratings
Reporting and Logging	8.449 Ratings	7.58 Ratings	8.317 Ratings
VPN	9.949 Ratings	9.07 Ratings	9.017 Ratings
High Availability	9.549 Ratings	9.07 Ratings	9.416 Ratings
Stateful Inspection	9.846 Ratings	9.08 Ratings	9.915 Ratings
Proxy Server	8.932 Ratings	9.44 Ratings	8.215 Ratings

Best Alternatives
	Cisco Adaptive Security Appliance (ASA) Software	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	pfSense
Small Businesses	pfSense Score 8.7 out of 10	pfSense Score 8.7 out of 10	Sophos UTM Score 8.8 out of 10
Medium-sized Companies	Quantum Firewalls and Security Gateways Score 9.2 out of 10	Quantum Firewalls and Security Gateways Score 9.2 out of 10	Quantum Firewalls and Security Gateways Score 9.2 out of 10
Enterprises	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series Score 9.1 out of 10	Quantum Firewalls and Security Gateways Score 9.2 out of 10	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series Score 9.1 out of 10
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	Cisco Adaptive Security Appliance (ASA) Software	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	pfSense
Likelihood to Recommend	9.0 (87 ratings)	9.0 (10 ratings)	9.3 (30 ratings)
Likelihood to Renew	7.1 (4 ratings)	- (0 ratings)	- (0 ratings)
Usability	- (0 ratings)	9.0 (2 ratings)	9.7 (8 ratings)
Availability	7.5 (2 ratings)	- (0 ratings)	- (0 ratings)
Support Rating	8.7 (8 ratings)	10.0 (1 ratings)	10.0 (1 ratings)
Implementation Rating	8.0 (2 ratings)	- (0 ratings)	- (0 ratings)
Ease of integration	6.5 (2 ratings)	- (0 ratings)	- (0 ratings)

User Testimonials
	Cisco Adaptive Security Appliance (ASA) Software	Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series	pfSense
Likelihood to Recommend	Cisco Cisco ASA's are great for internal network connected access between a firewall and the central management server. And, for complex networks where high security requirements with overly strict compliance are necessary. For networks with limited connectivity to the core or for poor network connectivity these are not the best solution. There are other more stand-alone firewall's that do this better. These firewall's are a little more complex to set up to start with so significant knowledge of these devices is required to set them up and ensure they are best practice installed. Incentivized Verified User Anonymous Read full review	Palo Alto Networks PaloAlto VM-200 is a virtualized firewall with high processing power and network edge protection. The great advantage is being able to implement in a VMware environment without worrying about hardware, rack space, physical network connections and others. It can be easily managed via the web and remotely to create protection, access and reporting rules. The VM-200 firewall can be used by any company, small or large because it has several models available according to the real needs of each one. Incentivized Verified User Anonymous Read full review	Netgate (Rubicon Communications, LLC) I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution. Pablo Mojica Systems Administrator Read full review
Pros	Cisco ASA is our VPN concentrator. The client and server are very stable and very easy to use ASA also offers Intrusion Prevention, to an extent. This is also very useful for an improved security posture for a small company ASA allowed us to scale very quickly. We could onboard clients, partners, and consultants and give them a great onboarding experience as well Administrative costs with ASA are low. It's very easy to administer. Incentivized Verified User Anonymous Read full review	Palo Alto Networks Decrypt internet traffic daily reporting of top internet users classify internet traffic in real-time to allow us to understand the organization needs. Strong AI capabilities Incentivized RB Ronald Barrett Director of Information Technology Read full review	Netgate (Rubicon Communications, LLC) Easy to use. Good user interface design! Easy to understand and easy to set up. Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband. Incentivized Allan Leung IT & T Manager Read full review
Cons	Cisco The ASDM software is at times a nightmare to install because of different java versions[.] [The firewall] could do with a power button, just to be able to do a hard reboot when needed[.] It would be nice to manage the firewall via the web on port 443[.] Incentivized Verified User Anonymous Read full review	Palo Alto Networks High Availability can be improved to allow active-active deployment All command line documentation to provide and support automation It will be nice to have link aggregation just like in the hardware firewall models. Incentivized Shephered Moyo Systems Engineer Read full review	Netgate (Rubicon Communications, LLC) I did kind of mention a Con in the Pro section with OpenVPN. When I create a config for an employee other employees are able to login to that config. I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong. I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing. I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues. Incentivized Charles R. Coggins III Technical Support Specialist Read full review
Likelihood to Renew	Cisco To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products Incentivized Verified User Anonymous Read full review	Palo Alto Networks No answers on this topic	Netgate (Rubicon Communications, LLC) No answers on this topic
Usability	Cisco No answers on this topic	Palo Alto Networks It is very easy to use, even for those with little experience in this particular firewall. Some of the advanced content filtering and content-based policies are difficult to pick up; however, almost all required decoders are built in. Built-in logging and rule testing make rule definition easy, and labels/tags allow filtering, grouping, and categorisation of rules. Updates are easy, and high availability is also reliable. Incentivized Verified User Anonymous Read full review	Netgate (Rubicon Communications, LLC) The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs. Incentivized Verified User Anonymous Read full review
Reliability and Availability	Cisco I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency. Incentivized Verified User Anonymous Read full review	Palo Alto Networks No answers on this topic	Netgate (Rubicon Communications, LLC) No answers on this topic
Support Rating	Cisco The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good. Incentivized Fraser Clark Network Engineer Read full review	Palo Alto Networks Palo Alto VM series are best selling and industry's top-selling security product which customers prefer while securing their public cloud environment Incentivized Verified User Anonymous Read full review	Netgate (Rubicon Communications, LLC) pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support. Incentivized Jerry Riggin President Read full review
Implementation Rating	Cisco It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment Incentivized Verified User Anonymous Read full review	Palo Alto Networks No answers on this topic	Netgate (Rubicon Communications, LLC) No answers on this topic
Alternatives Considered	Cisco We were using [pfSense] before in our environment but we regularly facing difficulties over it due to software bugs & downtime. After implementing Cisco ASA, it resolved our availability issue & provides us a reliable solution with the best security features & easy to understand GUI. Incentivized Chirag Deol Chief Marketing Officer Read full review	Palo Alto Networks palo alto firewalls are application-oriented systems. They can beat other product which are based on layer 3/4 inspection. Vm series are also quickly available and could be useful in urgent deployment needs . other vendors like Fortinet and cisco could take much more time to provide the VM and in some cases installation and license validation are complicated Incentivized Verified User Anonymous Read full review	Netgate (Rubicon Communications, LLC) Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces. Verified User Anonymous Read full review
Return on Investment	Cisco Most network engineers have worked with ASA, so there is no need for re-training when adding or turning over staff Current configs from older devices plug in easily, and are operational on larger devices if an upgrade is required Many support options available Incentivized Larry Chisholm Network Engineer Read full review	Palo Alto Networks ROI has been achieved quickly through lack of security incidents. Inline filtering happens at line rate, unline Sourcefire from Cisco. Great incentives from PAN to switch made a difference in the choice to change. Incentivized Verified User Anonymous Read full review	Netgate (Rubicon Communications, LLC) pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide. The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training. Incentivized Aaron Smith Information Technology Manager Read full review
ScreenShots