Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Firewall/Security Vendor Suggestion


Please bare with me before we start the main content...

First, I would need your suggestion. Especially if you got hand-on experience with the following vendor products.

Second, If you could help list Pros and Cons for the suggested vendor/product, that will be great.

Third, prefer to not to make this to be a hugh feature comparison plus no personal attack plz (u know what would happen if someone saying others are better than Cisco here )

So here is what I need suggestion for: we are solely a Cisco shop when selling firewalls to customer, mainly SMB customers. Now we would like to expand our product offering portofolio on the network security side. So we wont stuck with one product(we had a really bad experience end last year of a particular Cisco product). After some digging, I narrow down to followings:




There is a big ISP re-selling juniper firewall here in town. So might not be a good idea to join fight with them...

So what is your suggestion? Maybe there are also other vendors/products I missed? Please keep in mind, our target market is mainly SMB.

Also from certification perspective, the value of the cert from vendor? I had CCSP (now called CCNP Security) but expired in 2010 ...



Community Member

Firewall/Security Vendor Suggestion

I really like the Fortinet stuff. You get an unlocked product, and no nickle and dimeing for licenses. The big downside is that if you turn all the possibe features on it..Very Slow.

Community Member

Firewall/Security Vendor Suggestion

Thanks, I never worked on Fortinet stuff before but heard their hardwares are good.

I guess the box will run slow for all UTM if all features are turned on.

Firewall/Security Vendor Suggestion

Checkpoints are solid. The only Enterprise worthy firewall. However since you focus on SMB's, they might be too expensive. Watchguards are junk. Fortinets are OK, Some others I have run into are Sonicwalls and Palo Alto.

Community Member

Firewall/Security Vendor Suggestion

After some deep reading online, Checkpoints and Palo Alto are both expensive and yes, you are right, SMB probabaly wont spend money on the fancy firewall. That why we are looking at watchguard...

I worked on couple of watchguards. The old ones are hard and funky to work with; the new ones are better now...

Firewall/Security Vendor Suggestion

Have you looked at Cisco's SMB firewalls or the low end Enterprise ASA5505? Which one did you have a bad experience with?

In my opinion a router with security license almost always fits better than a traditional firewall. Do you always sell with UTM up front?

Community Member

Firewall/Security Vendor Suggestion

We are Cisco shop right now for SMB firewalls. So we sell alot ASA.

I had bad experience with ISA550W. The software is buggy and support is slow...we eventually replaced it with 5505 for customer at our cost. I donot think ISA500 series page is still available now on cisco product page though...

I personally would argue that dedicated boxes will always be better than UTM but the market for all-in-one just bigger...

The Cisco Router with Security feature is always more experience than a ASA, isnt it?

Firewall/Security Vendor Suggestion

IMO UTM is strictly a marketing term. In the real world I have yet to see a device that can do everything. A router is not always more money. For example an ASA5505 with unlimited users is more money than an 891 Security router. A 50 user license with Anyconnect is within a couple of hundred dollars of an 891. If you buy a 10 user count license, then the ASA has a lower cost. The nice thing about routers is that they have such a rich feature set. Features like DMVPN, QoS, AVC, Multicast, GRE, PBR, etc that ASA's can't do. The features in IOS should be an easy sell to the customer.

Community Member

Firewall/Security Vendor Suggestion

I would have to agree with you however personal experience is Firewall is the term attracts SMB owners, not router...

CreatePlease to create content