Cisco ASA 5500-X with FirePOWER Services vs. Palo Alto Networks Next-Generation Firewalls - PA Series

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Cisco ASA 5500-X with FirePOWER Services
Score 7.7 out of 10
N/A
Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including standalone options for small and midsize businesses, ruggedized appliances for extreme environments, midsize appliances for security at the Internet edge, and high-performance appliances for enterprise data centers.N/A
Next-Generation Firewalls - PA Series
Score 9.3 out of 10
N/A
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.N/A
Pricing
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco ASA 5500-X with FirePOWER ServicesNext-Generation Firewalls - PA Series
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional DetailsCisco ASA 5500-X pricing starts at ~$400 and scales up to $20,000 for higher capacity appliances.—
More Pricing Information
Community Pulse
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products
Cisco ASA 5500-X with FirePOWER Services
Chose Cisco ASA 5500-X with FirePOWER Services
The network is homogenous to Cisco and the integration with Cisco products is very easy (e.g. Identity Services Engine). As I am a certified engineer in Cisco Security, it feels very easy to handle Cisco products especially as more and more support docs are available across the …
Chose Cisco ASA 5500-X with FirePOWER Services
Palos are great but they are a bit more expensive. Cisco ASA 5500-Xs are very competitive budget-wise. Small to medium offices can easily afford Cisco ASA 5500-X with FirewPOWER services compared to Palo Altos. At the end of the day cisco even though more affordable still get …
Next-Generation Firewalls - PA Series
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user …
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
No one can say any other companies in this time is better than Palo Alto Networks Next-Generatoin Firewalls. Palo Alto offers very advanced features which protect you[r] organization. Advanced malware protection, anti spam, lots of other threats.
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
Palo Alto has a user-friendly GUI and it comes with a single console from where you can manage all the policies and routing. It has advanced capabilities to prevent APT (Advanced Persistent Threat) attacks. Cisco Firepower lacks in capabilities with Palo Alto if we compare it.
Top Pros
Top Cons
Features
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Firewall
Comparison of Firewall features of Product A and Product B
Cisco ASA 5500-X with FirePOWER Services
9.0
30 Ratings
6% above category average
Palo Alto Networks Next-Generation Firewalls - PA Series
9.4
21 Ratings
10% above category average
Identification Technologies9.228 Ratings9.921 Ratings
Visualization Tools9.024 Ratings9.021 Ratings
Content Inspection9.129 Ratings9.921 Ratings
Policy-based Controls9.828 Ratings10.021 Ratings
Active Directory and LDAP9.829 Ratings9.920 Ratings
Firewall Management Console9.230 Ratings10.021 Ratings
Reporting and Logging8.829 Ratings7.621 Ratings
VPN9.830 Ratings8.421 Ratings
High Availability9.828 Ratings10.020 Ratings
Stateful Inspection8.14 Ratings10.020 Ratings
Proxy Server7.23 Ratings8.810 Ratings
Best Alternatives
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Small Businesses
pfSense
pfSense
Score 9.2 out of 10
pfSense
pfSense
Score 9.2 out of 10
Medium-sized Companies
Next-Generation Firewalls - PA Series
Next-Generation Firewalls - PA Series
Score 9.3 out of 10
pfSense
pfSense
Score 9.2 out of 10
Enterprises
Next-Generation Firewalls - PA Series
Next-Generation Firewalls - PA Series
Score 9.3 out of 10
Sophos UTM
Sophos UTM
Score 8.9 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
9.4
(30 ratings)
9.5
(37 ratings)
Likelihood to Renew
9.6
(3 ratings)
10.0
(1 ratings)
Usability
7.2
(2 ratings)
10.0
(2 ratings)
Availability
10.0
(1 ratings)
-
(0 ratings)
Performance
9.4
(26 ratings)
-
(0 ratings)
Support Rating
9.6
(29 ratings)
8.4
(9 ratings)
Implementation Rating
10.0
(2 ratings)
-
(0 ratings)
Ease of integration
9.0
(1 ratings)
-
(0 ratings)
User Testimonials
Cisco ASA 5500-X with FirePOWER ServicesPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
This firewall is best suited for the network edge/perimeter deployment. The next gen features works very well and the remote access VPN is also very much suitable for the organizations which have a huge user base working remotely. The Remote Access VPN is very much customizable and the authentication integration option like LDAP and RADIUS provides and addon.
Read full review
Palo Alto Networks
Palo Alto firewall only affords by Large level infrastructure having a budget for Security Prospect. I will recommend it for the Card information industry & Confidential data solutions. Because it provides a bucket of security features that are not easily vulnerable.
Read full review
Pros
Cisco
  • The Cisco ASA with FirePOWER Services model works perfectly for network edge protection scenarios.
  • It allows for the creation and connection of sites through site-to-site VPN configuration.
  • It enables remote connection and home office with remote SSL or IPSEC VPN.
  • It has layer 7 traffic protection and visibility.
  • It has anti-malware protection from start to finish.
  • The configuration is easy to perform.
Read full review
Palo Alto Networks
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Read full review
Cons
Cisco
  • URL Filtering feature could be easier to utilize for beginners
  • I'd like to see a visual of VPN networks setup and show the functioning or malfunctioning status to assist in making troubleshooting easier
  • Recommendations on ACLs for beginners based on their account creation date
Read full review
Palo Alto Networks
  • Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
  • Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
  • Documentation gives a very straight forward answer to some items but is very vague in others.
  • Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
Read full review
Likelihood to Renew
Cisco
Ever since we installed Cisco ASA 5500-X with FirePOWER Services we have never had to deal with an attack. We can see in the logs almost every day hackers attempting to break into our networks and failing. We also have the ability to blacklist every IP address that attempts to break into our firewalls
Read full review
Palo Alto Networks
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
Read full review
Usability
Cisco
Cisco firepower provides automatation for an organisations security operations to detect and stop the most advanced threats fast. It also assists in preventing attacks in using intelligence and innovative solutions.
Read full review
Palo Alto Networks
In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation.
Read full review
Reliability and Availability
Cisco
We have never had an outage caused by firewall failure. We have had a few outages caused by the internet failing or cloud applications going offline but never a firewall breaking down. When making changes we have a very strong change control, major software updates are always carried out out of working hours. At places where we have two firewalls in HA, we are able to do upgrades in working ours and the users will never know that an upgrade is taking place, that how great these firewalls are
Read full review
Palo Alto Networks
No answers on this topic
Performance
Cisco
The Cisco ASA 5500X with Firepower performance needs consideration before deploying. Although the solution is Pay as you grow, adding additional features to the system has a negative impact on overall throughput. I would more like now only to deploy the Cisco FPR units as they have better performance and will last the test of time.
Read full review
Palo Alto Networks
No answers on this topic
Support Rating
Cisco
I would recommend the purchase of the Smartnet 24x7 service in the case of a unit and the Smartnet 8x5NBD in the case of only one appliance installed on site. This service is important to always have the latest firmware updates, corrective updates and especially the hardware warranty and maintenance service in case of problems. The service is done by phone or on the official Cisco website and I can say that it is very good and efficient.
Read full review
Palo Alto Networks
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
Read full review
Implementation Rating
Cisco
We implemented a centralized management of all our Cisco ASA 5500-x with FirePOWER Services so that we can have a holistic view of all our sites in London and other European countries. This also helps when making changes, instead of login on to each firewall we can use Firepower Management Center (FMC) to central deploy changes across all devices
Read full review
Palo Alto Networks
No answers on this topic
Alternatives Considered
Cisco
Previous],] I was using the [pfSense] in my organization but when i switched to [Cisco ASA 5500-X with FirePOWER Services] I realized there are lots of issue and missing security features in [pfSense]. The deployment and configuration is very easy as compare to [pfSense]. I highly recommend this product to everyone.
Read full review
Palo Alto Networks
No one can say any other companies in this time is better than Palo Alto Networks Next-Generatoin Firewalls. Palo Alto offers very advanced features which protect you[r] organization. Advanced malware protection, anti spam, lots of other threats.
Read full review
Return on Investment
Cisco
  • Working of remote workforce made easy
  • Security was enhanced on the data traffic shared with the vendors due to the use of VPNs
  • Inbound attacks were mostly blocked on the edge and saved a lot of resources (which could had been used in case of attacks getting successful on the application servers)
Read full review
Palo Alto Networks
  • Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
  • There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
Read full review
ScreenShots