Cisco ASA 5545-X - security appliance - with FirePOWER Services
Mfg # ASA5545-FPWR-K9
CDW # 3427643
Quick tech specs
- X
- 8 ports
- 1U
- with FirePOWER Services
- Security appliance
- 1GbE
- rack-mountable
Know your gear
Midsize businesses protecting the Internet edge require the same level of protection as large, enterprise networks. You require enterprise-strength security, but purchasing a firewall that was built to handle the performance needs and budget of a large enterprise would be unnecessary and a waste of company resources. You need a firewall that provides the performance you need at a price you can afford, without compromising security.
Cisco ASA 5500 series adaptive security appliance fits your network and budget while offering the same proven level of security that protects some of the largest networks at some of the most security-conscious companies in the world. The ASA 5500 series scales to meet the performance and security requirements of a wide range of network applications, to correspond with your changing needs.
The Cisco ASA 5545-X is midrange security appliance that uses the Cisco SecureX framework for a context-aware approach to security that delivers multiple security services, multigigabit performance, flexible interface options, and redundant power supplies. It is built on the same proven security platform as the rest of the ASA family of security appliances, and has been designed to deliver superior performance for exceptional operational efficiency.
Cisco ASA 5500 series adaptive security appliance fits your network and budget while offering the same proven level of security that protects some of the largest networks at some of the most security-conscious companies in the world. The ASA 5500 series scales to meet the performance and security requirements of a wide range of network applications, to correspond with your changing needs.
The Cisco ASA 5545-X is midrange security appliance that uses the Cisco SecureX framework for a context-aware approach to security that delivers multiple security services, multigigabit performance, flexible interface options, and redundant power supplies. It is built on the same proven security platform as the rest of the ASA family of security appliances, and has been designed to deliver superior performance for exceptional operational efficiency.
Add to Compare
Enhance your purchase
Cisco ASA 5545-X - security appliance - with FirePOWER Services is rated
4.50 out of
5 by
43.
Rated 5 out of
5 by
Zhulien Keremedchiev from
Good evaluation period, support, and it has a powerful intrusion policy
What is our primary use case?
My primary use case with Cisco Firepower NGFW is implementing, configuring, maintaining, and troubleshooting lab and customer devices in both lab and production environments.
Using best practices for configuration, as well as fine-tuning intrusion policies and utilizing as many of the features that the firewall has to offer, which are feasible in said environment.
Overall, I am confident to say that I have worked with every flavor of Cisco Firepower NGFW, be it their older IPS-only sensors, ASA with Firepower services, as well as the FTD sensor itself.
How has it helped my organization?
Cisco Firepower NGFW has improved our organization by giving us the opportunity to protect both our network and our customer's environments. Being able to work with the device in a lab environment and utilizing the whole feature set is really easy with the Evaluation licenses of 90 days on the FMC. The only thing that you need is an environment with enough resources to virtualize both the FMC and FTD sensors.
I would like to emphasize the easy-to-use evaluation period of the Cisco Firepower NGFW because many other firewall vendors lack this and it is a real pain having to test everything in production environments because you cannot build a good lab environment without paying for licenses.
What is most valuable?
The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.
Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more.
All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update.
What needs improvement?
I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device.
Also, they need to ensure that all of the implemented features are working as they should, and able to integrate with more third-party software in an easier manner.
As it stands currently, Cisco is doing this, but I am not confident enough to say that their QA team is doing as good a job as they should as there have been software releases that were immediately pulled back the same day as they were released.
For how long have I used the solution?
I have been working with Cisco NGFW for almost five years as of 2020.
What do I think about the stability of the solution?
I have seen devices working without any issues and/or without a reboot of the device for many years (although I do not recommend this) running on base versions of the software, and I have seen an out of the box fresh install having many stability issues. However, overall my impression is that the most recent software versions are very stable without any evident underlying issues.
Keep your software up-to-date and the solution should be stable.
What do I think about the scalability of the solution?
Cisco Firepower NGFW has a large variety of devices that are able to accommodate every company's needs, be they small or large. Overall, the scalability of the devices is very good.
How are customer service and technical support?
Experience with Cisco TAC has been awesome almost always. The SLAs are kept every time, which is very hard to get from any of the other firewall vendors. I have not seen any other vendor get you a proficient engineer on the phone within 15 minutes.
Which solution did I use previously and why did I switch?
Cisco ASA and Firepower NGFW is the first firewall solution that I have and am still using.
How was the initial setup?
Once you deploy a few of these devices, the initial setup is really straightforward and easy to do unless the position of the firewall on the network needs you to do some connectivity magic in order for it to work.
What about the implementation team?
All of the implementations that we have done are with in-house teams, so I have no overview of the vendor team.
What's my experience with pricing, setup cost, and licensing?
Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed. In some cases, this may save you a lot of money or stress, which is why everyone who uses Cisco solutions loves them.
Which other solutions did I evaluate?
I have worked with many other firewall vendors in both production and lab environments such as CheckPoint, Palo Alto, Fortinet, Juniper, but to be honest I find Cisco's firewall solutions and Palo Alto's firewall solution to be the best.
What other advice do I have?
I believe that Cisco Firepower NGFW is the future leader in NGFW, with only maybe Palo Alto being the main competitor. This is very good, as we all know that having a rival is good for us, the users :)
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-10-14T00:00:00-04:00
Rated 5 out of
5 by
reviewer1141920 from
Default intrusion prevention engine helps identify malicious code and prevent it from being pushed into the system
What is our primary use case?
We helped a customer to configure a new data center network. We provided the core firewalling. Between virtual routing instances, or virtual networks, we had two Firepower 2130s in HA. We did the routing and firewalling between the VRS and, in the same data center, we have an internet edge firewall also set in HA that provided the routing and firewalling to the internet and to Azure. In the same data center we had two ASAs for out-of-band management. If an error occurred in the data center, we could VPN into the ASA and troubleshoot the routing issues in the data center.
How has it helped my organization?
I have customers that have migrated from Cisco ASA to Cisco Firepower. They have benefited from the change because they have much more visibility into the network. An ASA is often used as a Layer 3 to 4 firewall. We allow networks and ports. But a Firepower firewall has the default intrusion prevention engine, so you can allow it to https on port 443, but it can also look into the packet, with deep packet inspection, and see if there is malicious code that is trying to be pushed into your system. It's a much more secure product than just having a Layer 3 to 4 firewall. It is a Layer 3 to 7 firewall.
We also use Cisco Talos, and when we configure a Firepower, we set the automatic update to get the latest vulnerabilities and databases, SNORT rules, geolocation database, and security intelligence from Talos. Our customers aren't benefiting directly from Cisco Talos, but they are benefiting from having a product like Firepower that has connections to Talos.
What is most valuable?
For Firepower the most important features are the intrusion prevention engine and the application visibility and control. The SNORT feature in Firepower is also valuable.
For ASA, the most valuable feature is definitely the remote access VPN solution. The AnyConnect solution is very scalable and stable—there are no errors or flaws—which is necessary in today's world when we're all working remotely. The remote access VPN for ASA is very good.
When it comes to application visibility and control, both ASA and Firepower can provide them but the AVC feature is mostly used in Firepower. You can allow or disallow many applications through Firepower, through the access control policy.
If you configure Firepower correctly, it is good when it comes to threat visibility. It is proficient. It is the state of the art when it comes to blocking threats, network-wise. If you use it with an SSO encryption, and use your own features, blacklists, security intelligence, intrusion prevention, and access control points—if you are using it with every feature—Firepower can block most threats on your network. But it can't stand alone. It is necessary for the clients to have AMP for Endpoints, Cisco Umbrella, and Cisco ISE. If you're using Firepower as a standalone device, it can block, say, 20 or 30 percent more than the ASA can. But if you're using all of the security features from Cisco, you get much more security. It's like an onion's layers. The more layers you have, the more protection you have.
What needs improvement?
On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.
Firepower Management Center is slow. It could be better. And the Firepower Device Manager doesn't have all the features that the ASA has, and that's despite the fact that it's almost the same product. Cisco could use many more features from ASA in Firepower Device Manager.
For how long have I used the solution?
I have used Firepower for two years and I have worked with all Firepower models: Firepower 1000 Series, 2000 Series, Firepower 4000. I have never had my hands on a Firepower 9300, but it's mostly the same as the 4000 and 9000 Series. I have also used Firepower Management Center, virtual, the 1000 Series, and the 1600. I have also used Firepower virtual devices, the Firepower Next-Generation Firewall Virtual (NGFWv).
What do I think about the stability of the solution?
If you stay on the recommended releases, Firepower is very stable. Cisco has had a lot of trouble and issues with Firepower since they acquired Sourcefire, and some of the issues or problems are still there. But if you stay on the recommended releases you shouldn't hit that many errors or bugs. It can be stable, but it can also be very unstable if you jump on the newest release every time.
What do I think about the scalability of the solution?
Firepower scales well if you have the 4100 Series or 9300 Series. They can scale and you can cluster the devices. Otherwise, you can only add one device, but that's more for the small customers. But if you get up to the high-end series of Firepower, it scales very well.
We have customers that have 100 or 200 clients but we also have customers that have 20,000 endpoints. They are using several different appliances. Two devices for internet edge, two devices for core infrastructure, and two devices for VPN. We help customers of all sizes.
How was the initial setup?
First you have to configure the Firepower Device Manager, or Firepower Management Center. When you bootstrap it or do the initial config, you type in the IP address, host name, and DNS. When you have the IP configuration in place, you can log in to the Firepower Management Center and start building policies that suit your needs. When you have all the policies, you can add or join Firepower devices to the Firepower Management Center. After adding the devices to the Firepower Management Center, you can then apply the policies that you built in the first place, through the devices, and that will affect the behavior on the devices.
Which other solutions did I evaluate?
ASA is best for VPN solutions, site to site, remote access VPN. It's for everything that is connected with VPN solutions. For every other feature, Firepower is better. While Firepower is getting better for VPN, it's not where it should be yet.
I have tried configuring Zyxel firewalls. I have never logged in to Check Point or Palo Alto. From my point of view, Firepower is better than Xyxel when it comes to application visibility and control.
What other advice do I have?
Have a plan. Find out how much bandwidth and throughput you need before you implement it because if you don't scale it well from the start, it can slow down your environment. Keep in mind that it adds so much security that the total data throughput can take a hit.
We have many customers, but in general, many of our customers are using all the tools they can to secure their infrastructure, such as AMP, Umbrella, and Firepower. Many companies are doing what they can to secure their network and their infrastructure. But there are also customers that only have a firewall. In today's world that's not enough to secure the network at all, but that's a decision the customer has to live with. We have tried to push them in the right direction. But the majority of our customers have a secure infrastructure.
The other Cisco products or services our customers are using in conjunction with their firewall include AMP, AnyConnect, cloud mail Email Security Appliances, Cisco ISE, and Web Security Appliances. We are only a Cisco partner. We don't do HP or Check Point or Palo Alto, so our customers do have a lot of Cisco features. For regular use, the integration among these Cisco products is pretty easy, but I have also worked with these products a lot. But it's easy to implement a firewall solution on Firepower and you can tweak it as much as you like. ASA is also easy to set up and configure, in my opinion, but I'm a security professional. For a regular user, both products can be pretty cumbersome.
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-02-11T00:00:00-05:00
Rated 5 out of
5 by
reviewer1388706 from
Great for blocking attacks, best support, and very easy to use
What is our primary use case?
I use it to protect my DMZ from external attacks.
How has it helped my organization?
Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.
What is most valuable?
The Adversity Malware Protection (AMP) feature is the most valuable.
It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.
What needs improvement?
Its interface is sometimes is a little bit slow, and it can be improved.
When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode.
In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.
For how long have I used the solution?
I have been using Cisco Firepower for two years.
What do I think about the scalability of the solution?
We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.
We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports.
How are customer service and technical support?
We have used their technical support. They are amazing. Cisco's technical support is the best.
Which solution did I use previously and why did I switch?
We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.
How was the initial setup?
The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.
What about the implementation team?
We used our reseller and contractor to deploy Cisco Firepower. They were good.
What other advice do I have?
I would recommend this solution. I would rate Cisco Firepower a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-11-15T00:00:00-05:00
Rated 5 out of
5 by
Mufeed Siaj from
Good throughput, with one-of-a-kind support, that is scalable
What is our primary use case?
I am a pre-sales engineer, and I do comparisons based on my customer's requests.
What is most valuable?
The most valuable features of this solution are the integrations and IPS throughput.
What needs improvement?
The price and SD-WAN capabilities are the areas that need improvement.
In the next release, I would like to see more of the FortiGate features added. FortiGate is compatible with Cisco ACI, but I can't see Firepower with Security Fabric. For example, if I had Fortinet activated, could I integrate with it?
For how long have I used the solution?
I have familiar with the Next Generation firewalls for two years, and six years with firewalls in general.
What do I think about the stability of the solution?
It's a stable product.
What do I think about the scalability of the solution?
It's scalable indeed.
Our clients are SMB Enterprise.
How are customer service and technical support?
It's just a fact, nothing is better than Cisco technical support.
Which solution did I use previously and why did I switch?
Previously, I was working with Fortinet. I would most likely recommend Fortinet, because of the price and the security fabric integration with other products. It's scalable as well, and all of the FortiGate features are useful.
It's very easy to implement and it's very easy to administrate.
How was the initial setup?
The initial setup was straightforward. With other vendors, it is easier, but it was straightforward.
What's my experience with pricing, setup cost, and licensing?
This product is expensive.
What other advice do I have?
I would rate this solution an eight out of ten.
Disclaimer: My company has a business relationship with this vendor other than being a customer:
Date published: 2020-11-29T00:00:00-05:00
Rated 5 out of
5 by
reviewer1500255 from
Protects your system against threats and advanced malware
What is our primary use case?
We use it for the actual firewall and also site-to-site VPN.
Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.
Overall, for security, we use about seven tools.
Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.
How has it helped my organization?
We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from, all the while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.
What is most valuable?
The manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.
What needs improvement?
FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for two years.
What do I think about the stability of the solution?
I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.
How are customer service and technical support?
I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.
Which solution did I use previously and why did I switch?
We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.
We also use AMP, Umbrella, SecureX, and Duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.
We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy to set up.
We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.
How was the initial setup?
The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.
We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.
What about the implementation team?
From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.
Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.
What's my experience with pricing, setup cost, and licensing?
With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.
What other advice do I have?
If configured, Firepower provides us with application visibility and control.
The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.
Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-02-04T00:00:00-05:00
Rated 5 out of
5 by
reviewer1662657 from
Enables us to create policies based on who is accessing a resource instead of just IP addresses but the UI needs improvement
How has it helped my organization?
I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.
Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.
What is most valuable?
If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.
What needs improvement?
The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable.
The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.
It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.
For how long have I used the solution?
We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.
What do I think about the stability of the solution?
For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.
What do I think about the scalability of the solution?
We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.
Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.
How are customer service and technical support?
The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.
Which solution did I use previously and why did I switch?
I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.
Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.
How was the initial setup?
I recently deployed a similar solution at a customer's premises, and that setup was straightforward.
The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.
It took two to four hours, including some upgrades.
What other advice do I have?
My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.
I would rate it a seven out of ten.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-09-13T00:00:00-04:00
Rated 5 out of
5 by
reviewer1657845 from
Its Snort 3 IPS gives us flexibility and more granular control of access
What is our primary use case?
We are using it for firewall and intrusion prevention.
I have deployed it into different environments: retail, commercial, law, real estate, and the public sector. Retail is the biggest environment that I have deployed this firewall into, with 43 different sensors and a range up to 10 GbE throughput.
I am using up to version 7.0 across the board as well as multiple models: 1000 Series or 2100 Series.
How has it helped my organization?
The integration of network and workload micro-segmentation help us provide unified segmentation policies across east-west and north-south traffic. It is important to have that visibility. If you can't detect it, then you can't protect it. That is the bottom line.
The solution has enabled us to implement dynamic policies for dynamic environments. These are important because they give us flexibility and more granular control of access.
What is most valuable?
* Ease of operability
* Security protection
It is usually a central gateway into an organization. Trying to keep it as secure as possible and have easy to use operability is always good. That way, you can manage the device.
The solution has very good visibility when doing deep packet inspection. It's great because I can get packet captures out of the device. Because if an intrusion fires, I can see the packet that it fired in. So, I can dive into it and look at what is going on, what fired it, or what caused it.
Cisco Secure Firewall is fine and works when it comes to integration of network and workload micro-segmentation.
The integration of network and workload micro-segmentation is very good when it comes to visibility in our environment. It is about how you set it up and the options that you set it up for, e.g., you can be as detailed as you like or not at all, which is good.
Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.
What needs improvement?
It needs better patching and testing as well as less bugs. That would be nice.
I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.
For how long have I used the solution?
I have been using it for seven years.
What do I think about the stability of the solution?
Stability has been good so far. It has been much better than in the past. In the past, there were times where there were known issues or bugs.
What do I think about the scalability of the solution?
Scalability has been fine. I haven't had an issue with it. I just haven't had a need to deal with scalability yet.
How are customer service and technical support?
I would rate Cisco's support for this solution as nine out of 10 for this solution. The support has been very good. We got the job done. Sometimes, why it wasn't perfect, the challenge was getting a hold of someone.
Which solution did I use previously and why did I switch?
I have used this solution to replace different vendors, usually Cisco ASA that is reaching end of life.
How was the initial setup?
The initial setup is straightforward for me at this point. That is just because of the experience that I have in dealing with it. for a new person, it would be a little bit more complex. They have gotten better with some of the wizards. However, if you are not familiar with it, then that makes it a little more challenging.
What about the implementation team?
Depending on the situation, we will go through the typical setups. We know what we want to configure and sort of follow a template.
What was our ROI?
We have seen ROI with a better, more secure environment.
Cisco Secure Firewall has helped us to reduce our firewall operational costs. This is based on the fact that the newer models, where we have been replacing older models, have better throughput, capacity, and performance overall.
What's my experience with pricing, setup cost, and licensing?
Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing.
There are additional costs, but that depends on the feature sets that you get. However, that is the same with any firewall vendor at this point.
Which other solutions did I evaluate?
I have also worked with Check Point and Palo Alto. The support is much better with Cisco than Check Point. Check Point had a little bit better of a central management station. Whereas, Cisco with the FMC is a little different as far as there are still some features that are being added to the FMC, which is good. As far as Palo Alto goes, they are quite comparable as far as their functionality and feature sets. Cisco wins for me because it has Snort, which is a known standard for IPS, which is good. Also, Cisco has the Talos group, which is the largest group out there for security hunting.
Check Point was the easiest as far as user-friendliness and its GUI. After that, Cisco and Palo Alto would be kind of tied for ease of use.
What other advice do I have?
Definitely do your research, e.g., how you want to set it up and how deep you want to go in with it. This will actually help you more. When we say Cisco Secure Firewall, is it Next-Generation, running ASA, or running Firepower? Or, does Meraki actually fit in there? So, there are different scales based on what you are trying to look for and how deep security-wise you want to go into it.
SecureX is a nice feature, but it has to be for the right environment. It is nice that we get it, but most people don't take advantage of it.
The dynamic policy capabilities can enable tight integration with Secure Workload at the application workload level, but I am not using much with Secure Workload at this point.
I would rate Cisco Secure Firewall as nine out of 10. I would not give it a 10 because of bugs.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-09-09T00:00:00-04:00
Rated 5 out of
5 by
Henry Pan from
Provides us with application visibility and control and has improved our clients' end to end firewall functionality
What is our primary use case?
Our primary use case for this solution is to improve network security.
The maturity of our company's security implementation depends on our clients. Some of our clients really need a lot of work but some of them are advantaged. We are major implementors for Cisco.
We implement it for our clients and we also use it internally. Our security maturity is advanced. We have been in IT business for over 75 years. We have major netowrk firewall experts in the company, so we know what to do.
Our company uses more than thirty security tools. Ideally, we would use an end to end unified tool. But network security is far from that so we need to use multiple tools.
How has it helped my organization?
Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.
What is most valuable?
The most valuable feature is the intelligence. It sends a warning for a potential attack, a zero-day attack. It sends us an advanced warning. We really like this feature.
We use other Cisco tools for switches, routers, and AppDynamics. We also use their wireless tool. We are Cisco's biggest partner, so we use the majority of their solutions. This is one of the reasons people become a Cisco-shop, because of the integration.
The integration between these products isn't perfect.
Firepower provides us with application visibility and control. We have a standard evaluation procedure with around 136 criteria. We have a team that does the evaluation and there were viruses reported.
In terms of its ability to provide visibility into threats, we put a different application to be tested. We check how much we can see. What kind of network traffic goes through different devices. We know what's going on. If something went wrong, we see the attack, we know where and which attack. We put it into our testing center. You can never get 100% visibility. Sometimes we can't detect until the damage is done. That is the danger of being in the firewall business. You never know what kinds of tricks a hacker will use. It's endless work.
Talos is pretty decent. It offers smart intelligence. It helps my team detect what is going on. Without it, the ability of the power stations would be much less. Talos is one of the reasons that we go with Cisco. It is a big advantage.
We use automated policy application and enforcement. Any of the networks are very complex. It has freed up a lot of our time. Now, it's much better but it's still far from enough. We have saved 90% of our time due to the automation.
Firepower has improved our enterprise defense ability by a lot.
We use the whole suite of Cisco device management options. Compared to ten years ago, I have seen a lot of improvement, but it's still far from enough. I wish the intelligence will be improved. There is a big learning curve now. If a new gear comes into place, then the first three months aren't so accurate. With machine learning, it is getting better. The intelligence should be there from day one. But it will still need to learn the environment and which attack is the most common.
We are still trying to figure out the best practices for harmonizing policies and enforcement across heterogeneous networks. It's something new. More and more applications are going onto the cloud and we need the hybrid Firepower ability.
What needs improvement?
The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.
There is a bit of an overlap in their offerings. Which causes clients to overpay for whatever they end up selecting.
For how long have I used the solution?
I have been using Firepower for 3 years.
What do I think about the stability of the solution?
I see a lot of improvement in terms of stability but it's still not 100%. We still have bugs and things will go wrong that will cause the system to not function and we will have to reboot and restart. That is something that Cisco should fix.
What do I think about the scalability of the solution?
The scalability is reasonable and okay.
One of the clients we have has 21,000,000 node.
How are customer service and technical support?
We use their support a lot. In my view, they need a lot of improvement. A lot of the representatives are far away and they don't have a lot of knowledge. You need to get to level two or three for them to be able to help. My team is very experienced so it takes a lot for us to make a call to technical support. We need to talk to the right person to work out the issue. The support structure is not able to reach the right level right away. This is a problem that Cisco needs to work a lot to improve one.
Which solution did I use previously and why did I switch?
We also use Palo Alto, Check Point, Fortinet, Juniper, and Microsoft.
Cisco came into firewalls much later. I would say they're top ten but they're not number one yet. They need to do more work. Cisco does better than the smaller players.
The best firewall option is Palo Alto.
Considering the expertise and the way they detect an advanced attack, Palo Alto is better than Cisco.
How was the initial setup?
Compared to many years ago, the configuration is much more simplified. It is still not one button to get it all done. It's not easy enough. It hasn't reached the level where a junior staff member can get the job done.
For my enterprise environment, the deployment goes wave by wave. It can take six to eight weeks. We do a rolling upgrade. It's not something that can be done in one action because the network is so huge and complex.
We have a uniform implementation strategy. We have a standard upgrading proceeding. We do testing and verify and then we put it into production.
What about the implementation team?
We are the integrators and consultant team.
What was our ROI?
18 months
What's my experience with pricing, setup cost, and licensing?
Be careful
Which other solutions did I evaluate?
Yes
What other advice do I have?
Get your homework done. Get to know in-depth what Cisco can do and compare it with Palo Alto. If you're happy with Cisco, go for it but Palo Alto is the safer choice.
I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-03-30T00:00:00-04:00
Rated 5 out of
5 by
Sikander Ali from
Meets my requirements regarding VPN, perimeter protection, and applications
What is our primary use case?
I protect my two servers with the help of Firepower. Both servers are connected to the Firepower and I monitor the traffic to both servers with it. I block traffic from all countries except the USA, for security purposes.
How has it helped my organization?
It meets my requirements regarding VPN, perimeter protection, and applications. I'm comfortable with what Firepower does for me. Firepower is the only security product deployed in my organization.
The Talos team is very expert and does a good job. It is a great achievement by Cisco for Firepower. It analyzes all the websites and viruses that could create vulnerabilities. Talos helps us by providing major protection. They maintain everything and we don't need any other security appliances. In the future, we may go for an email security appliance, but right now Firepower is enough for us. Without the Talos team, the Firepower might not fulfill our requirements.
For example, if I receive an email and it has a potentially malicious link, I can enter the link in the Talos website and it will provide me with all the details about the website link in the email, including which country and IP it is from. I always try to cross-check any potentially malicious links with Talos. It tells me whether I am vulnerable or not.
What is most valuable?
One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.
It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.
We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.
What needs improvement?
One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box.
For how long have I used the solution?
I have been using Cisco Firepower for two years.
What do I think about the stability of the solution?
It's a very mature product and runs smoothly.
Which solution did I use previously and why did I switch?
Before the Firepower I was using a traditional firewall, the ASA 5510. We went to the Firepower because the 5510 did not have port security, anti-malware protection, or IDS/IPS.
I have seen a lot of events using the Firepower: vulnerability events, countries, and IPs. As a result, I feel I am secure when compared with other firewalls. With my previous firewall, I didn't have the option of blocking a country, website, or IP.
What other advice do I have?
I would advise using Firepower and not other products because other products do not have all the features available in Firepower.
We are looking to integrate with Cisco Umbrella next year and we will integrate our switches and Cisco Firepower with it.
It has been a good investment for my organization and I'm happy to be using it. All its features are good. It's a great firewall for a small business. But you really need to know what you are doing to get the most benefit from it. Overall, I don't think anybody can replace Firepower or Cisco.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-06-08T00:00:00-04:00
Rated 5 out of
5 by
Matt Back from
You can have granular accounts with its role-based access control
What is our primary use case?
The primary use case is mainly around perimeter security at the HQ and the branch. This will include using the Next-Generation Intrusion Prevention System (NGIPS), using advanced malware protection for networks on the firewall, and remote access VPN as well as site-to-site VPN.
I work for a Cisco partner and managed service provider. We have a number of customers. Typically, the standard setup that we have is a Firepower Management Center Virtual, running in VMware, with physical FTD appliances (as the firewalls) on-premises.
We work with more mid-size organizations who typically have email security, web security, endpoint security, and perimeter security. In terms of products, that would be:
* Cisco Umbrella
* Cisco Cloud Email Security
* Cisco Secure Endpoint
* Firepower, for the perimeter.
That would be a typical technology mix. Sometimes, some customers will consume something like Duo Security for multi-factor authentication.
We are primarily running ASA Firewalls with the FTD image. We are also running some Firepower 1000 Series.
How has it helped my organization?
One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.
Cisco implemented a role-based access control for Firepower, so you can have very granular accounts. For example, a service desk analyst could have read-only access. If we have a security operations team, then they could have access to update IPS vulnerability databases. A network engineer could have access to update ACLs, not rules, which is quite useful. Also, you can selectively push out parts of the policy package based on your role-based access control. So, if you have one job role and work on one part of the configuration, and I work on another job role working on a different part of the configuration, then I could just deploy the changes that I have made without affecting what you are doing (or without pushing out your changes). It is quite nice to be able to do that in that way.
What is most valuable?
The most valuable feature is the Next-Generation Intrusion Prevention System. For customers who don't have a SIEM platform, Firepower Management Center offers some SIEM-like functionality that clearly categorizes intrusion prevention alerts. So, they are rated with flags, from zero to four. If I see a level 1 flag, then this means that the attempted intrusion, not only relates to a real vulnerability, but we likely have a system in our environment somewhere that could be exploited by that vulnerability. In that sense, it helps us quickly target which intrusions should be investigated versus what is noise. A level 2 flag just identifies where an intrusion relates to a known vulnerability. It doesn't mean that you are vulnerable to it, because you may not have the particular hardware/software combination that the vulnerability relates to. Therefore, being able to quickly determine where to focus your investigation is important.
All Cisco security technologies have API integrations. We have all Cisco security products for all our customers integrated into SecureX for overall visibility of threat detections across all security appliances. Cisco Advanced Malware Protection is a good example. It is not just a product but a capability that has been integrated into multiple products or technologies. We see in Firepower that we can benefit from Advanced Malware Protection at a network level, but that same technology is also available on email security as well as endpoint security. So, if a threat is detected in one place that can be blocked everywhere, almost at the same time, then the integration is very good.
If we look at something like Cisco Umbrella, then we see Umbrella integrated with Cisco Meraki appliances, both on firewalls and access points. So, there does seem to be a good level of integration.
Integrations are primarily API-driven. You just generate an API. You have an identifier and generate an API key. It is normally five minutes or under to integrate something. Cisco has SecureX, which is their security management platform. They also have Cisco SecureX threat response, which is a threat hunting tool. With both of these tools, they can take the API keys from any Cisco products as well as some third-party products, then you can integrate them in just a couple of minutes. It is pretty easy.
What needs improvement?
FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.
For how long have I used the solution?
I have been using it for around 18 months.
What do I think about the stability of the solution?
The product has significantly improved over the last two years. I am aware that the Cisco product team has made significant strides forward in addressing oversights that may have previously existed in the platform. I don't have that much in the way of improvements now. We are running the latest code, the 6.7 code, on all our environments. It addresses so many issues that previously existed in earlier versions of the code. From 6.6, the code has improved significantly and introduced many feature benefits.
The new code, 6.6 and higher, seems to be very stable. Now, you don't need to deploy the entire policy package every time you make a change. You can just deploy the segment of the configuration that has been changed. This has increased how quickly you can deploy the configuration, which is a good improvement. We seem to have less bugs and glitches in the newer code. I can't think of any real bugs or glitches that I have seen since we have been running 6.6. With 6.5 and earlier, there were some problems. Now, it seems to be very stable.
What do I think about the scalability of the solution?
The thing that restricts the scalability would be Firepower Management Center. It is constrained by how many events it can record. It suits customers who have a smaller number of sites, like a dozen or maybe 20 sites. You can still record your connection and intrusion event history for a significant period of time. But, if you are talking about a customer with hundreds of firewalls, then Firepower Management Center probably is not the right proposition.
If I am a customer with a dozen sites, I probably don't have the money to pay for a dedicated SIEM platform. So, Firepower Management Center is great for me because it is like a mini SIEM from a perimeter security perspective. I can store my connection and intrusion event history. I can get an idea of which IPS intrusions are things I should focus my attention on. These are the things that a SIEM could help you with. I can manage my firewalls from a single management location, which is really good. However, if I am a customer who has hundreds of firewalls, then it is not really scalable because I wouldn't be able to store the amount of intrusion and connection events that I would need for those firewalls.
Cisco Defense Orchestrator would probably be the better option if you had an environment that had hundreds of sites with hundreds of firewalls. Even if you acknowledge that Cisco Defense Orchestrator doesn't store events per se, it just allows you to manage and deploy policies to the firewalls, when you have an environment with hundreds of firewalls, then you will definitely have the budget for a SIEM platform. At that point, you would be scaling by having separate platforms for separate functions rather than one platform to do everything.
Firepower Management Center is great for some customers with whom we work because they don't have hundreds of sites with hundreds of firewalls. They just have somewhere between two and 10 sites. So, it is a good fit for that kind of customer.
How are customer service and technical support?
Cisco Talos is one of the largest private security, threat hunting, research organizations, but non-governmental. It is quite powerful when we explain to customers the threat intelligence injected into Cisco products. I have attended some Cisco Talos workshops, webinars, etc., and they do seem to be amongst the best in their field. So, I have a high degree of confidence in Cisco Talos, and it is one of the most powerful capabilities that Cisco has as a security vendor. You could have the best...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-04-27T00:00:00-04:00
Rated 5 out of
5 by
Joland Van Londen from
Talos continuously enriches intelligence so that you get information about upcoming threats on time
What is our primary use case?
Telindus, our company, is an integrator. We sell Firepower and we do use it ourselves. I use all the different versions of the product.
We either replace our customers' other brands of firewalls with Firepower, or we upgrade their old Cisco ASA Firewalls to the new Firepower firewalls. The type of device we advise them to install depends on the customer's requirements and the throughputs needed.
Our primary use case for Firepower is for big networks.
What is most valuable?
The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands. That is why, when people move from another brand to Cisco, they never leave Cisco. They see that advantage.
Something I like about Firepower, in general, is that it still relies on the old ASA code. That's something customers really like because when they go into the CLI, they remember, "Oh, that's the ASA, that I am familiar with," but it's enriched with all the next-gen features of Snort. When a customer has knowledge of the ASA codes, they can do intensive troubleshooting because they know the device.
Customers also like Talos, which is the intelligence behind all of Cisco's security products, including Firepower. Talos is very good and is actually the most important part of a security product. It's important that you have something in the background that is continuously enriching intelligence so that you get information about upcoming threats on time. That keeps you protected as soon as possible when a Zero-day happens. Something that customers like about Cisco Firepower, in combination with Talos intelligence, is that full-time people are working in the background to provide information to Cisco security products.
Customers really want visibility into their networks. For example, they want identity management and that is something you can use Firepower for. With it, in addition to an IP address going somewhere, you can also see the username. That's a big advantage of Firepower, and can be set up quite easily.
Also, in very large networks, our customers use Cisco DNA Center. They have automation orchestration for their access network and that works seamlessly with Cisco Firepower firewalls. Security Group Tags can be used from DNA to an edge Firepower firewall. That way, they have microsegmentation within their access network for DNA. And they can extend that to their firewall rules for Firepower.
Our customers also use Cisco ISE to get user information. ISE is connected to DNA Center. That is something that Firepower works seamlessly with, and we do sell it a lot. We sell a lot of Cisco's other security equipment, and they all send their information to SecureX. Having more Cisco security products means your security information is becoming enriched within the SecureX platform. The integration among these Cisco products is more than easy. Cisco documents everything, in detail, when it comes to how to integrate the different parts. I've never had an issue with integrating Cisco security products with each other.
And for smaller networks, like those our government customers have, what they like about Cisco Firepower, and why they purchase it nine out of 10 times, is its ease of use and the reporting in Firepower Management Center. That is something they really like. They can look up things themselves and they like the SecureX integration.
What needs improvement?
The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.
For how long have I used the solution?
I've been using Cisco Firepower NGFW Firewall since it came out; from the time Cisco started to use the name Firepower and they bought Snort. That's when they put in the next-generation features.
What do I think about the stability of the solution?
Firepower is rock-stable. So far, I have not seen any failed firewall. The only thing that was not quite stable in the past was Firepower Management Center, but since version 6.6 that has also been rock-stable. I haven't had any failed components in the last couple of years. I did have them two years ago and further in the past, where firewalls were not functioning and needed a reboot, but since 6.6, the stability is very good. We don't have priority-one tickets anymore.
What do I think about the scalability of the solution?
In the Netherlands, where I work, we don't have very big customers requiring very high throughput. So I cannot say anything about clustering where you can pile different ASAs or Firepower devices together to increase performance when you require it.
But scalability, in general, is pretty hard. Competition-wise, sometimes it's hard to sell Cisco security products because, in my opinion, Cisco is quite honest about the real throughput they are able to provide. Other vendors may be giving figures that are a little bit "too perfect." Sometimes it's hard for us to sell Cisco firewalls because a customer says, "Well, when I go to other brands they say they have double the throughput for half the price." Well, that's great on paper, but...
In general, after we have installed Cisco firewalls, our customers are very pleased by the performance. They also like that they can tweak settings to get more performance out of the firewall by enabling specific policies for specific traffic, and by disabling inspection for very internal data center traffic. That provides a big boost to the overall firewall performance. When a customer complains that we didn't scale it correctly, and they say it's not performing as well as they expected, I'm always able to tweak things so that it performs the way the customer requires.
How are customer service and technical support?
I have interacted with Cisco's technical support many times. Nowadays, it sometimes takes a while to get to the person with the correct knowledge, but that is happening in the world in general. First-line people are common around the world and they are trying to figure out if an issue is actually a second-or third-line issue. But when you do reach the correct department, and they know that you are knowledgeable and that you are really facing a high-priority issue or a strange behavior, Cisco's support does everything it can to help you fix things, including involving the development department. I'm very happy with their tech support.
Which solution did I use previously and why did I switch?
Most of the time we replace Sophos, Check Point, SonicWall, and Fortinet firewalls with Cisco firewalls. Customers really like the overall integration with SecureX. They see the advantage of having more security products from Cisco to get more visibility into their security. We also replace old, non-next-generation firewalls from Cisco; old ASAs.
How was the initial setup?
The initial deployment of Firepower is a straightforward process. For me, it's pretty easy. If you have never worked with it, I can imagine it might be complex.
Cisco makes it easier all the time. You can now deploy a remote branch by managing the device on an external interface. In the beginning, with previous software versions, that was hard. You needed to configure the file as a remote branch, but for that you needed the central Firepower Management Center to configure it and you didn't have a connection yet. It was a big issue to set up an initial firewall remotely when there was no connection to the Management Center. But that's been fixed.
In general, you just put down some management IP addresses and configure things so that the devices see each other and it starts to work. It's far from complex.
Generally, the initial setup takes four hours. The implementation strategy depends on the customer. I always have a conversation with the customer upfront. I explain how the connectivity works for Cisco Firepower, and then I say that I want to be in a specific subnet field. Then I start configuring the basics, and that is the part that takes about four hours, for Firepower Management Center and two firewalls in HA. Then, I start to configure the firewalls themselves, the policies, et cetera.
Which other solutions did I evaluate?
I have experience with SonicWall, Fortinet, Juniper, and Sophos firewalls, among others. We work with Fortinet and Palo Alto. It's not that we only do Cisco. But I can say from my experience that I am really more convinced about Cisco products.
What customers really like about Cisco, the number-one thing that they are really happy about within Firepower—and it was also in the old ASA code, but it's even more a feature in Firepower—is that the configuration is in modules. It's modular. You have different policies for the different functions within your firewall, so that your access control policy is only for your access lists and that's it. You have a different network address translation policy. It's all separated into different policies, so a customer knows exactly where to look to configure something, to change something, or to look at something which is not working properly.
Also, with Cisco, when a customer is not totally certain about a change he's going to make, he can...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Reseller
Date published: 2021-07-18T00:00:00-04:00
Rated 5 out of
5 by
Cassio Maciel from
Great for blocking attacks, best support, and very easy to use
What is our primary use case?
I use it to protect my DMZ from external attacks.
How has it helped my organization?
Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.
What is most valuable?
The Adversity Malware Protection (AMP) feature is the most valuable.
It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.
What needs improvement?
Its interface is sometimes is a little bit slow, and it can be improved.
When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode.
In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.
For how long have I used the solution?
I have been using Cisco Firepower for two years.
What do I think about the scalability of the solution?
We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.
We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports.
How are customer service and technical support?
We have used their technical support. They are amazing. Cisco's technical support is the best.
Which solution did I use previously and why did I switch?
We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.
How was the initial setup?
The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.
What about the implementation team?
We used our reseller and contractor to deploy Cisco Firepower. They were good.
What other advice do I have?
I would recommend this solution. I would rate Cisco Firepower a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-11-15T00:00:00-05:00
Rated 5 out of
5 by
reviewer1480314 from
Comparable pricing, stable, with good and responsive technical support
What is our primary use case?
We use this solution for our firewall and intrusion prevention system.
What is most valuable?
The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside.
There are no issues that we are aware of. It does its job silently in the background.
What needs improvement?
The initial setup could be simplified, as it can be complex for new users.
For how long have I used the solution?
We have been working with this solution for a couple of years.
What do I think about the stability of the solution?
It's stable. If there is ever a problem, it never seems to be the firewall.
What do I think about the scalability of the solution?
This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.
How are customer service and technical support?
Technical support is good. They are responsive.
How was the initial setup?
The initial setup was somewhat complex at first.
What about the implementation team?
We had help from an integrator, which was Dell. They were helpful.
What's my experience with pricing, setup cost, and licensing?
The price is comparable.
What other advice do I have?
We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.
We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.
We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.
I would rate the Cisco firepower NGFW Firewall a nine out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-01-31T00:00:00-05:00
Rated 5 out of
5 by
reviewer1446408 from
The UI needs improvement, as does the SNMP configuration, but the feature set is good
What is most valuable?
The feature set is fine and is rarely a problem.
What needs improvement?
Cisco makes horrible UIs, so the interface is something that should be improved. Usability is poor and it doesn't matter how good the feature set is. If the UI, whether the command-line interface or GUI, isn't good or isn't usable, then you're going to miss things. You may configure it wrong and you're going to have security issues.
Security vendors have this weird approach where they like to make their UIs a test of manhood, and frankly, that's a waste of my time.
The SNMP implementation is incredibly painful to use.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall within the past year.
Which solution did I use previously and why did I switch?
I work with a lot of different IT products including three different firewall solutions in the past 12 months.
What other advice do I have?
Everything has room for improvement.
I would rate this solution a five out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-01-30T00:00:00-05:00
Rated 5 out of
5 by
Mike Bulyk from
Given us protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats
What is our primary use case?
It is for defense, protecting workloads from a distributed type of an environment. On-premises, we are hosting several different distributed user session type environments. In our case, it is remote desktop services, which enable users to go out and browse the Internet, in some cases to do legitimate services, and in other cases, it is more of a personal browsing session. In this case, the primary purpose is to protect those user sessions when they are accessing the Internet. The secondary use case is to protect these services and applications from inbound threats, e.g., Internet scanning, Internet exploit attempts, any sort of attack, reconnaissance, or anything of that nature coming from the public Internet.
Firepower is an add-on to Cisco ASAs that enables intrusion prevention detection and some additional advanced functionalities. We have both.
We have two on-premise data centers where Firepower is deployed.
How has it helped my organization?
In terms of logging, that has been a big benefit because it is a fairly straightforward and easy process to log results. We stream through a folder and that information goes out to Splunk. It delivers immediate value. While Firepower reporting is generally pretty good, there is some delay, as far as when information shows up and updates the internal Firepower reporting mechanism. What we found is if this information is streamed into a SIEM, then it can immediately apply additional enrichment on top of it and build slightly more relevant, near real-time reporting, in comparison to doing it directly from Firepower. In terms of value for Firepower data, the ability to stream that out as a log, then characterize and enrich it within the SIEM that is where we gain the most value from a security perspective.
The solution’s ability to provide visibility into threats is good. Combined with Cisco's own trend intelligence characterization as well as the creation and application of that sort of tag into the stream of data that Firepower detects, that immediately tells us which threat type it is:
* Does it belong to a threat group?
* Is it an IP block list?
* Is it a URL block list?
* Is it a known threat?
* Which threat list does it belong to?
All this additional information is definitely useful. We treat it personally as set and forget because we are in the block mode - intrusion prevention mode. We don't let threats in. We err on the side of being overly protective. This is opposed to letting in threats, then detecting, identifying, and taking action on stuff that got through. Instead, we just block it. In our day-to-day operations, normally what was blocked is generally useful, but it's not operationally important.
It is set up to automatically apply the blocks and use the threat intelligence delivered by Talos as well as the intrusion prevention rules. All of that is entirely automated.
It has improved our organization's security posture dramatically. It has definitely given us modern protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats, so we can be protected against them.
What is most valuable?
Intrusion prevention is its most valuable feature because of its effectiveness. Cisco is the largest security company and one of the largest threat intelligence services with Talos. Cisco can identify and immediately apply any new threat information into signature sets for their Intrusion Prevention tools, including endpoint. In our case, we are talking about Firepower. That scope is what results in is an almost immediate application of application prevention signatures against any upcoming network attacks. So, if there is a new vulnerability, some sort of high critical value globally, the Cisco team is typically able to identify and write corresponding detection or prevention signatures, then apply them across their toolset.
It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.
We are using Cisco Cloud Email Security and DNS security from Cisco as well as endpoint protection. The integration between these products is pretty good. The benefit is the ability of all these disparate tools to talk to each other and be able to take action, sort of feeding each other with newly intelligent detection mechanisms and passing that information on to the next tool, then taking action on that next tool based on information identified on the first tool. That is really the biggest benefit of using the ecosystem. So, we've optimized it. We leveraged Cisco's tech response, which connects with each of these tools. We definitely find value every day.
It was very easy to integrate with the SIEM, which is really our primary use case. Besides the Cisco ecosystem, it is integrating with a standalone separate SIEM solution, which is Splunk in our case. This was an easy, simple approach to accomplish. We had no issues or problems with that.
What needs improvement?
Try to understand if there is a need, e.g., if there is a need to log this information, get these logs out, and forward to some sort of a SIEM technology or perhaps a data store that you could keep it for later. There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.
In some cases, I could see how SIEM is not an option for certain companies, perhaps they either cannot afford it, or they do not have the resources to dedicate a security analyst/engineer who could deploy, then manage the SIEM. In most cases, Firepower is a useful tool that a network engineer can help set up and manage, as opposed to a security engineer. To make the solution more effective and appealing, Cisco could continue to improve some of the reporting that is generated within the Firepower Management Console. Overall, that would give a suitable alternative to a full-fledged SIEM, at least on a network detection side, application identification side, and endpoint identification and attribution side. Potentially, a security analyst or network engineer could then simply access the Firepower Management Console, giving them the visibility and data needed to understand what is going on in their environment. If Cisco continues to improve anything, then I would suggest continuing to improve the dashboarding and relevant operational metrics present within the platform, as opposed to taking those logs and shipping them elsewhere.
For how long have I used the solution?
About four years.
What do I think about the stability of the solution?
Once it is deployed, not much staff is required as long as the intrusion rules are specifically configured to automatically update. That is the primary thing. Then, the continuous periodic updates from Cisco apply operating system patches just to make sure that critical vulnerabilities are patched and operating system optimization is applied routinely. Strategy-wise, I would patch quarterly unless there was a critical vulnerability that Cisco would discover, then apply a patch against it. At which point, we would then patch our appliance.
The stability is very good. As far as I can tell, we don't have any issues with availability or stability.
What do I think about the scalability of the solution?
Cisco accounts for scalability by having different hardware recommendations, depending on what the throughput is, the required coverage is in terms of number of devices, the amount of traffic, etc. In our case, I don't see any issues. We are appropriately sized, but I could see how if someone's environment doubles, then someone should account for that by either procuring another appliance and separating some of the traffic flows or getting a bigger, more powerful system that can handle increase in throughput.
We try fitting to an ecosystem mentality. For example, we have four different Cisco products, which is technically a single ecosystem. If you were to think of it that way, then it is four different tools from Cisco. Then, there are two additional ones on the network, which makes six. There are additional two or three for an endpoint, plus another two or three for email, and another two or three for identities. So, I would say there are probably around 20 security solutions total.
The network team as well as the security team use it. Combined, that is approximately six people.
We are perfectly sized. I don't think there will be a need to increase the footprint or anything like that, at least for a while.
How are customer service and technical support?
I know that people typically say TAC is hit or miss. In my case, it was always a good experience. Whether it was Firepower related for licensing questions or email, I have never had any issues with Cisco TAC.
Cisco Talos is very good. They are very well-regarded and well-known. I respect the team. They know what they are doing. They are one of the best overall. They are probably the best threat intelligence organization out there. Their visibility is unparalleled, because the data that Cisco has access to and the telemetry that it's able to gather are quite amazing....
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-03-02T00:00:00-05:00
Rated 5 out of
5 by
Gyaneshwar Upadhyay from
User friendly and easy to use GUI, but stability and scalability need improvement
What is our primary use case?
We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.
What is most valuable?
If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.
What needs improvement?
We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for approximately three years.
What do I think about the stability of the solution?
The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.
What do I think about the scalability of the solution?
There is room for improvement in the scalability of this solution.
How are customer service and technical support?
I was satisfied with the support we received.
How was the initial setup?
When I did the installation three or four years ago it was challenging.
What's my experience with pricing, setup cost, and licensing?
This solution is expensive and other solutions, such as FortiGate, are cheaper.
Which other solutions did I evaluate?
I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.
What other advice do I have?
I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system.
I would recommend everyone to use this solution.
I rate Cisco Firepower NGFW Firewall a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-06-29T00:00:00-04:00
Rated 5 out of
5 by
Rifat Hyseni from
Provides us with application visibility and control
What is our primary use case?
We are a large company in the country in which we operate. We are a government agency dealing with taxes and we provide services for all taxpayers within the country. We have services for internal users, as well as services for public users. The main reason we use these firewalls is to protect our environment and to provide our services efficiently so that we are up and running 24/7.
Our solution is deployed in a private cloud. Everything is hosted in our environment and provided as cloud services. We are in the process of moving our infrastructure from the previous environment to the new environment where Cisco firewalls are installed.
In terms of our security maturity as an organization, we are young. In fact, we are young as a country. We have been providing electronic services for more than 10 years for our clients. We have a huge number of clients, with over 120,000 users who subscribe to our system and who access our services on a daily basis or, at a minimum, three to four times per year.
We use a few tools for security in terms of management, both internal and external, but we are mainly relying on Cisco. Our network is based on Cisco, and we also protect our mail system with Cisco. Previously, and in parallel, we used Sophos next-generation firewalls.
What is most valuable?
The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.
When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.
We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.
For how long have I used the solution?
We just installed them recently. We started installation at the end of 2020 and we completed it this month, April 2021.
What do I think about the stability of the solution?
It's still early, but we believe the stability is alright.
What do I think about the scalability of the solution?
The scalability of the solution is better than the other firewalls we have, due to technical features. Our technicians have realized that this is much more scalable compared to other solutions.
How are customer service and technical support?
So far, the technical support has been excellent.
How was the initial setup?
The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.
We did a proper implementation plan according to the complexity of our network and our requirements. Then we used the best method for implementing it while mitigating our risks and meeting our requirements. We found a good way to implement it.
The setup took us two calendar months, but in terms of the actual time required to configure it, it was not so long. The setup took approximately as long as for other firewalls we have used.
What was our ROI?
It's hard to talk about ROI when it comes to security, but security now is expensive. You have to pay for it.
What's my experience with pricing, setup cost, and licensing?
For us, the pricing was more economical than other products we used. There were no extra costs.
Which other solutions did I evaluate?
We evaluated a lot of the providers: Juniper, Palo Alto, Check Point, and Fortinet. Our technical team really researched things for a considerable amount of time, and they came up with a decision that this would be the best.
Cisco was chosen because there were many features according to assessments made by other users and as noted in technical data sheets we looked at during the research. They came up with a few features which are better than what other products have.
Also, especially when you have been a long-time user of Cisco products and services, we found that from a budget perspective it was going to be much more preferable than the others.
What other advice do I have?
We are very satisfied with the service and the product. I don't think that any product would be better than Cisco when it comes to next-generation firewalls.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-05-23T00:00:00-04:00
Rated 5 out of
5 by
Pardeep Sharma from
Good IPS/IDS functionality, straightforward to set up, and simple to deploy
What is our primary use case?
We use this solution for advanced IPS, IDS, advanced malware protection, and web filtering.
What is most valuable?
The most valuable features of this solution are advanced malware protection, IPS, and IDS.
What needs improvement?
web filtering needs to improve because cisco firepower sync with bright cloud website for the website category. sometimes your URL is falling in the wrong category because of the bright cloud. so if you want to change the category you will have to drop the mail to the bright cloud and they will take action and it's a very long procedure.
For how long have I used the solution?
more than 2 years
What do I think about the stability of the solution?
This is a very reliable solution.
What do I think about the scalability of the solution?
I have extended my Cisco solution and did not have any trouble.
We have more than 400 users and we plan to increase usage.
How was the initial setup?
The initial setup is very simple to deploy in the Egyptian network. It takes two to three days to deploy but if you are implementing AMP then it will take an extra one or two days.
What's my experience with pricing, setup cost, and licensing?
I am happy with the product in general, including the pricing.
Which other solutions did I evaluate?
We evaluated a Sophos firewall but when I checked the reviews, I found that Sophos did not rate as well in terms of IPS, IDS, and malware protection.
What other advice do I have?
Cisco utilizes BrightCloud for URL filtering. Web filtering is the main problem with this product.
My advice to anybody who is considering this product is that if they want good security, compared to other offerings such as those by Check Point and Palo Alto, then they should implement Cisco Firepower.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-05-16T00:00:00-04:00
Rated 5 out of
5 by
Matt Back from
You can have granular accounts with its role-based access control
What is our primary use case?
The primary use case is mainly around perimeter security at the HQ and the branch. This will include using the Next-Generation Intrusion Prevention System (NGIPS), using advanced malware protection for networks on the firewall, and remote access VPN as well as site-to-site VPN.
I work for a Cisco partner and managed service provider. We have a number of customers. Typically, the standard setup that we have is a Firepower Management Center Virtual, running in VMware, with physical FTD appliances (as the firewalls) on-premises.
We work with more mid-size organizations who typically have email security, web security, endpoint security, and perimeter security. In terms of products, that would be:
* Cisco Umbrella
* Cisco Cloud Email Security
* Cisco Secure Endpoint
* Firepower, for the perimeter.
That would be a typical technology mix. Sometimes, some customers will consume something like Duo Security for multi-factor authentication.
We are primarily running ASA Firewalls with the FTD image. We are also running some Firepower 1000 Series.
How has it helped my organization?
One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage that discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.
Cisco implemented a role-based access control for Firepower, so you can have very granular accounts. For example, a service desk analyst could have read-only access. If we have a security operations team, then they could have access to update IPS vulnerability databases. A network engineer could have access to update ACLs, not rules, which is quite useful. Also, you can selectively push out parts of the policy package based on your role-based access control. So, if you have one job role and work on one part of the configuration, and I work on another job role working on a different part of the configuration, then I could just deploy the changes that I have made without affecting what you are doing (or without pushing out your changes). It is quite nice to be able to do that in that way.
What is most valuable?
The most valuable feature is the Next-Generation Intrusion Prevention System. For customers who don't have a SIEM platform, Firepower Management Center offers some SIEM-like functionality that clearly categorizes intrusion prevention alerts. So, they are rated with flags, from zero to four. If I see a level 1 flag, then this means that the attempted intrusion, not only relates to a real vulnerability, but we likely have a system in our environment somewhere that could be exploited by that vulnerability. In that sense, it helps us quickly target which intrusions should be investigated versus what is noise. A level 2 flag just identifies where an intrusion relates to a known vulnerability. It doesn't mean that you are vulnerable to it, because you may not have the particular hardware/software combination that the vulnerability relates to. Therefore, being able to quickly determine where to focus your investigation is important.
All Cisco security technologies have API integrations. We have all Cisco security products for all our customers integrated into SecureX for overall visibility of threat detections across all security appliances. Cisco Advanced Malware Protection is a good example. It is not just a product but a capability that has been integrated into multiple products or technologies. We see in Firepower that we can benefit from Advanced Malware Protection at a network level, but that same technology is also available on email security as well as endpoint security. So, if a threat is detected in one place that can be blocked everywhere, almost at the same time, then the integration is very good.
If we look at something like Cisco Umbrella, then we see Umbrella integrated with Cisco Meraki appliances, both on firewalls and access points. So, there does seem to be a good level of integration.
Integrations are primarily API-driven. You just generate an API. You have an identifier and generate an API key. It is normally five minutes or under to integrate something. Cisco has SecureX, which is their security management platform. They also have Cisco SecureX threat response, which is a threat hunting tool. With both of these tools, they can take the API keys from any Cisco products as well as some third-party products, then you can integrate them in just a couple of minutes. It is pretty easy.
What needs improvement?
FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.
For how long have I used the solution?
I have been using it for around 18 months.
What do I think about the stability of the solution?
The product has significantly improved over the last two years. I am aware that the Cisco product team has made significant strides forward in addressing oversights that may have previously existed in the platform. I don't have that much in the way of improvements now. We are running the latest code, the 6.7 code, on all our environments. It addresses so many issues that previously existed in earlier versions of the code. From 6.6, the code has improved significantly and introduced many feature benefits.
The new code, 6.6 and higher, seems to be very stable. Now, you don't need to deploy the entire policy package every time you make a change. You can just deploy the segment of the configuration that has been changed. This has increased how quickly you can deploy the configuration, which is a good improvement. We seem to have less bugs and glitches in the newer code. I can't think of any real bugs or glitches that I have seen since we have been running 6.6. With 6.5 and earlier, there were some problems. Now, it seems to be very stable.
What do I think about the scalability of the solution?
The thing that restricts the scalability would be Firepower Management Center. It is constrained by how many events it can record. It suits customers who have a smaller number of sites, like a dozen or maybe 20 sites. You can still record your connection and intrusion event history for a significant period of time. But, if you are talking about a customer with hundreds of firewalls, then Firepower Management Center probably is not the right proposition.
If I am a customer with a dozen sites, I probably don't have the money to pay for a dedicated SIEM platform. So, Firepower Management Center is great for me because it is like a mini SIEM from a perimeter security perspective. I can store my connection and intrusion event history. I can get an idea of which IPS intrusions are things I should focus my attention on. These are the things that a SIEM could help you with. I can manage my firewalls from a single management location, which is really good. However, if I am a customer who has hundreds of firewalls, then it is not really scalable because I wouldn't be able to store the amount of intrusion and connection events that I would need for those firewalls.
Cisco Defense Orchestrator would probably be the better option if you had an environment that had hundreds of sites with hundreds of firewalls. Even if you acknowledge that Cisco Defense Orchestrator doesn't store events per se, it just allows you to manage and deploy policies to the firewalls, when you have an environment with hundreds of firewalls, then you will definitely have the budget for a SIEM platform. At that point, you would be scaling by having separate platforms for separate functions rather than one platform to do everything.
Firepower Management Center is great for some customers with whom we work because they don't have hundreds of sites with hundreds of firewalls. They just have somewhere between two and 10 sites. So, it is a good fit for that kind of customer.
How are customer service and technical support?
Cisco Talos is one of the largest private security, threat hunting, research organizations, but non-governmental. It is quite powerful when we explain to customers the threat intelligence injected into Cisco products. I have attended some Cisco Talos workshops, webinars, etc., and they do seem to be amongst the best in their field. So, I have a high degree of confidence in Cisco Talos, and it is one of the most powerful capabilities that Cisco has as a security vendor. You could have the bes...
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-04-27T00:00:00-04:00
Rated 5 out of
5 by
Maharajan S from
Gives us more visibility into the inbound/outbound traffic being managed
What is our primary use case?
We have an offshore development center with around 1,400 users (in one location) where we have deployed this firewall.
The maturity of our organization’s security implementation is a four out of five (with five being high). We do have NOC and SOC environments along with in-built access to our systems.
We use Acunetix as one of our major tools. We do have some open source. There are a couple of networks where we are using the Tenable tool. We have implemented an SIEM along with a Kaspersky at the cloud level. In the Cisco firewall, we installed Kaspersky in the firewall logs which upload to Kaspersky for us to review back.
How has it helped my organization?
Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.
What is most valuable?
The advance malware protection (AMP) is valuable because we didn't previously have this when we had an enterprise gateway. Depending on the end user, they could have EDR or antivirus. Now, we have enabled Cisco AMP, which give us more protection at the gateway level.
The application visibility is also valuable. Previously, with each application, we would prepare and develop a report based on our knowledge. E.g., there are a couple business units using the SAS application, but we lacked visibility into the application layer and usage. We use to have to configure the IP or URL to give us information about usage. Now, we have visibility into concurrent SAS/Oracle sessions. This solution gives us more visibility into the inbound/outbound traffic being managed. This application visibility is something new for us and very effective because we are using Office 365 predominantly as our productivity tool. Therefore, when users are accessing any of the Office 365 apps, this is directly identified and we can see the usage pattern. It gives us more visibility into our operations, as I can see information in real-time on the dashboards.
What needs improvement?
The solution has positively affected our organization’s security posture. I would rate the effects as an eight (out of 10). There is still concern about the engagement between Cisco Firepower and Cisco ASA, which we have in other offices. We are missing the visibility between these two products.
We would like more application visibility and an anti-malware protection system, because we don't have this at the enterprise level.
The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.
For how long have I used the solution?
Nearly a year.
What do I think about the stability of the solution?
So far, it has been stable.
We have around 32 people for maintenance. Our NOC team works 24/7. They are the team who manages the solution.
What do I think about the scalability of the solution?
Scalability is one of our major business requirements. We are seeing 20 percent growth year-over-year. The plan is to keep this product for another four years.
How are customer service and technical support?
We contacted Cisco directly when issues happened during the implementation, e.g., the management console was hacked.
Which solution did I use previously and why did I switch?
We used Fortinet and that product was coming to end of life. We had been using it continuously for seven years, then we started to experience maintenance issues.
Also, we previously struggled to determine who were all our active users, especially since many were VPN users. We would have to manually determine who was an inactive user, where now the process is more automated. It also had difficult handling our load.
How was the initial setup?
The initial setup was complex. We engaged NTT Dimension Data as there were a couple things that needed to be done for our requirements and validation. This took time to get signed off on by quality team. However, the configuration/implementation of the system did not take much time. It was a vanilla implementation.
We did face performance issues with the console during implementation. The console was hacked and we needed to reinstall the console in the virtual environment.
What about the implementation team?
We were engaged with a local vendor, NTT Dimension Data, who is a Cisco partner. They were more involved on the implementation and migration of the firewall. Some channels were reconfigured, along with some URL filtering and other policies that we used for configuration or migration to the new server.
Our experience with NTT Dimension Data has been good. We have been using them these past four to five years.
What was our ROI?
We have seen ROI. Our productivity has increased.
The change to Cisco Firepower has reduced the time it takes for our network guy to generate our monthly report. It use to take him many hours where he can now have it done in an hour.
What's my experience with pricing, setup cost, and licensing?
Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.
There are additional implementation and validation costs.
Which other solutions did I evaluate?
We also evaluated Check Point, Palo Alto, Sophos, and Cisco ASA. In the beginning, we thought about going for Cisco ASA but were told that Firepower was the newest solution. We met with Cisco and they told us that they were giving more attention going forward to Firepower than the ASA product.
We did a small POC running in parallel with Fortinet. We evaluated reports, capability, and the people involved. Palo Alto was one of the closest competitors because they have threat intelligence report in their dashboard. However, we decided not to go with Palo Alto because of the price and support.
What other advice do I have?
We are using Cisco at a global level. We have internally integrated this solution with Cisco Unified Communications Manager in a master and slave type of environment that we built. It uses a country code for each extension. Also, there is Jabber, which our laptop users utilize when connecting from home. They call through Jabber to connect with customers. Another tool that we use is Cisco Meraki. This is our all time favorite product for the office WiFi environment. However, we are not currently integrating our entire stack because then we would have to change everything. We may integrate the Cisco stack in the future. It should not be difficult to integrate since everything is a Cisco product. The only issue may be compliance since we have offices in the US and Europe.
We are now using a NGFW which helps us deep dive versus using a normal firewall.
Overall, I would rate Cisco Firepower as an eight (out of 10).
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-06-08T00:00:00-04:00
Rated 5 out of
5 by
Mike Bulyk from
Given us protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats
What is our primary use case?
It is for defense, protecting workloads from a distributed type of an environment. On-premises, we are hosting several different distributed user session type environments. In our case, it is remote desktop services, which enable users to go out and browse the Internet, in some cases to do legitimate services, and in other cases, it is more of a personal browsing session. In this case, the primary purpose is to protect those user sessions when they are accessing the Internet. The secondary use case is to protect these services and applications from inbound threats, e.g., Internet scanning, Internet exploit attempts, any sort of attack, reconnaissance, or anything of that nature coming from the public Internet.
Firepower is an add-on to Cisco ASAs that enables intrusion prevention detection and some additional advanced functionalities. We have both.
We have two on-premise data centers where Firepower is deployed.
How has it helped my organization?
In terms of logging, that has been a big benefit because it is a fairly straightforward and easy process to log results. We stream through a folder and that information goes out to Splunk. It delivers immediate value. While Firepower reporting is generally pretty good, there is some delay, as far as when information shows up and updates the internal Firepower reporting mechanism. What we found is if this information is streamed into a SIEM, then it can immediately apply additional enrichment on top of it and build slightly more relevant, near real-time reporting, in comparison to doing it directly from Firepower. In terms of value for Firepower data, the ability to stream that out as a log, then characterize and enrich it within the SIEM that is where we gain the most value from a security perspective.
The solution’s ability to provide visibility into threats is good. Combined with Cisco's own trend intelligence characterization as well as the creation and application of that sort of tag into the stream of data that Firepower detects, that immediately tells us which threat type it is:
* Does it belong to a threat group?
* Is it an IP block list?
* Is it a URL block list?
* Is it a known threat?
* Which threat list does it belong to?
All this additional information is definitely useful. We treat it personally as set and forget because we are in the block mode - intrusion prevention mode. We don't let threats in. We err on the side of being overly protective. This is opposed to letting in threats, then detecting, identifying, and taking action on stuff that got through. Instead, we just block it. In our day-to-day operations, normally what was blocked is generally useful, but it's not operationally important.
It is set up to automatically apply the blocks and use the threat intelligence delivered by Talos as well as the intrusion prevention rules. All of that is entirely automated.
It has improved our organization's security posture dramatically. It has definitely given us modern protection and peace of mind in terms of attacks against our infrastructure from known or emerging threats, so we can be protected against them.
What is most valuable?
Intrusion prevention is its most valuable feature because of its effectiveness. Cisco is the largest security company and one of the largest threat intelligence services with Talos. Cisco can identify and immediately apply any new threat information into signature sets for their Intrusion Prevention tools, including endpoint. In our case, we are talking about Firepower. That scope is what results in is an almost immediate application of application prevention signatures against any upcoming network attacks. So, if there is a new vulnerability, some sort of high critical value globally, the Cisco team is typically able to identify and write corresponding detection or prevention signatures, then apply them across their toolset.
It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.
We are using Cisco Cloud Email Security and DNS security from Cisco as well as endpoint protection. The integration between these products is pretty good. The benefit is the ability of all these disparate tools to talk to each other and be able to take action, sort of feeding each other with newly intelligent detection mechanisms and passing that information on to the next tool, then taking action on that next tool based on information identified on the first tool. That is really the biggest benefit of using the ecosystem. So, we've optimized it. We leveraged Cisco's tech response, which connects with each of these tools. We definitely find value every day.
It was very easy to integrate with the SIEM, which is really our primary use case. Besides the Cisco ecosystem, it is integrating with a standalone separate SIEM solution, which is Splunk in our case. This was an easy, simple approach to accomplish. We had no issues or problems with that.
What needs improvement?
Try to understand if there is a need, e.g., if there is a need to log this information, get these logs out, and forward to some sort of a SIEM technology or perhaps a data store that you could keep it for later. There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.
In some cases, I could see how SIEM is not an option for certain companies, perhaps they either cannot afford it, or they do not have the resources to dedicate a security analyst/engineer who could deploy, then manage the SIEM. In most cases, Firepower is a useful tool that a network engineer can help set up and manage, as opposed to a security engineer. To make the solution more effective and appealing, Cisco could continue to improve some of the reporting that is generated within the Firepower Management Console. Overall, that would give a suitable alternative to a full-fledged SIEM, at least on a network detection side, application identification side, and endpoint identification and attribution side. Potentially, a security analyst or network engineer could then simply access the Firepower Management Console, giving them the visibility and data needed to understand what is going on in their environment. If Cisco continues to improve anything, then I would suggest continuing to improve the dashboarding and relevant operational metrics present within the platform, as opposed to taking those logs and shipping them elsewhere.
For how long have I used the solution?
About four years.
What do I think about the stability of the solution?
Once it is deployed, not much staff is required as long as the intrusion rules are specifically configured to automatically update. That is the primary thing. Then, the continuous periodic updates from Cisco apply operating system patches just to make sure that critical vulnerabilities are patched and operating system optimization is applied routinely. Strategy-wise, I would patch quarterly unless there was a critical vulnerability that Cisco would discover, then apply a patch against it. At which point, we would then patch our appliance.
The stability is very good. As far as I can tell, we don't have any issues with availability or stability.
What do I think about the scalability of the solution?
Cisco accounts for scalability by having different hardware recommendations, depending on what the throughput is, the required coverage is in terms of number of devices, the amount of traffic, etc. In our case, I don't see any issues. We are appropriately sized, but I could see how if someone's environment doubles, then someone should account for that by either procuring another appliance and separating some of the traffic flows or getting a bigger, more powerful system that can handle increase in throughput.
We try fitting to an ecosystem mentality. For example, we have four different Cisco products, which is technically a single ecosystem. If you were to think of it that way, then it is four different tools from Cisco. Then, there are two additional ones on the network, which makes six. There are additional two or three for an endpoint, plus another two or three for email, and another two or three for identities. So, I would say there are probably around 20 security solutions total.
The network team as well as the security team use it. Combined, that is approximately six people.
We are perfectly sized. I don't think there will be a need to increase the footprint or anything like that, at least for a while.
How are customer service and technical support?
I know that people typically say TAC is hit or miss. In my case, it was always a good experience. Whether it was Firepower related for licensing questions or email, I have never had any issues with Cisco TAC.
Cisco Talos is very good. They are very well-regarded and well-known. I respect the team. They know what they are doing. They are one of the best overall. They are probably the best threat intelligence organization out there. Their visibility is unparalleled, because the data that Cisco has access to and the telemetry that it's able to gather are quite amazing....
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-03-02T00:00:00-05:00
Rated 5 out of
5 by
Cesar Beut from
Blocks attacks by providing a security barrier
What is our primary use case?
We use it to configure the perimeter firewalls. In FireSIGHT, we have two firewalls in a cluster with high ability, then we have five firewalls in Offices. We use those firewalls as a perimeter for Offices.
We have all the devices in the Firepower Management Center system. We always work with Firepower devices in Firepower Management Center.
We have offices around the world. We are in Europe, the USA, and South America.
How has it helped my organization?
We have border security with Firepower. We try to curb security issues by using this Firepower firewall.
What is most valuable?
The solution provides us with good working application visibility and control.
I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.
What needs improvement?
The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.
Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve.
For how long have I used the solution?
I have been using it for three years.
What do I think about the stability of the solution?
We have five devices. In Rome, we don't have a technician and didn't work when we started using it. We had to send a technician to Rome to reboot the system. Now, it is stable with no problems. Also, we lost the link to the high availability firewall in our data center. We only had one device there, and Solutel had to solve this issue.
What do I think about the scalability of the solution?
The scalability is great.
We have five devices in four locations.
Three network administrators who work with Firepower, including myself.
How are customer service and technical support?
I usually create an issue with Solutel, then they create a case with Cisco Talos or the Cisco technicians. I am happy with Solutel's support.
How was the initial setup?
We deployed in several cities, but not the same day.
What about the implementation team?
The initial deployment was done by a Cisco partner, Solutel. Our experience with Solutel was fantastic. They are local partners for us and provided us with great service.
What was our ROI?
We realized that clearly we have issues of security with a lot of attacks. I don't know if it is because with the COVID-19 virus a lot of hackers are at home or working more hours. In the last year, we have seen attacks that are very big, and we need a barrier. So, we use a firewall to block these attacks.
What's my experience with pricing, setup cost, and licensing?
The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.
Our license for Firepower is their best license.
Which other solutions did I evaluate?
We have FortiGate firewalls, the security of Office 365 from Microsoft, Cisco Umbrella, and Kaspersky Anti-virus. We are also using Cisco ASA, Meraki switches, and a router from Cisco.
The Firepower Management Center tool is very slow. We also have the FortiGate firewalls and these tools for configuring the firewall are faster.
We have to make a change to our devices in South America. We are currently evaluating Cisco Firepower Series 1000 versus FortiGate. Firepower is more powerful than FortiGate, but FortiGate is more flexible and easier to configure. Because of our last issues with Firepower, it is possible that FortiGate is more stable.
What other advice do I have?
It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.
We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.
I would rate this solution as an eight (out of 10).
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-02-17T00:00:00-05:00
Rated 5 out of
5 by
Syed Khalid Ali from
pxGrid enables all devices on the network to communicate
What is our primary use case?
I use Firepower for all kind of customers; healthcare, government, banks etc. All all of them have different use cases and requirements. In most cases, I would mostly end up with enterprises or government organizations. If you are already have all Cisco gears, I would suggest to consider it as it will allow you to have a more integrated approach toward other network components.
How has it helped my organization?
I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product.
I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution.
What is most valuable?
The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.
What needs improvement?
The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution. They should include a cloud-based sandbox as part of the security subscription service. In my experience, apart from the expensive price, SMB customers are lured away by other vendor solutions because of these reasons.
For how long have I used the solution?
I work for a systems integrator, who is also a partner for Cisco and other security vendors. I have a reasonable hands-on with different firewall products. I have been doing it since v6.1 release. Firepower is a bit difficult and takes time to learn.
Which solution did I use previously and why did I switch?
I did use and deploy different firewall solutions for various customers. But every customer has his own pain points. For example, for one of the customers, he was purely looking for URL filtering. We went with Sangfor IAM in that case. They have a very strong focus on application and URL filtering and user behavior management. Plus, reporting was very extensive.
What's my experience with pricing, setup cost, and licensing?
In my country, deployment may be charged from USD 1K to USD 10K depending on setup cost. There are different types of licenses:
* Threat
* URL
* Anti-malware
I would suggest going with an all-in-one bundle. You will end up saving money. Also, Cisco has a better discount on a 3YR subscription plan. Discuss this with your Cisco AM.
Which other solutions did I evaluate?
Yes, this included firewalls from Huawei, Fortinet, Sangfor, and Sophos. Most of the customers end up with:
* Fortinet,
* Sophos
* Sangfor
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-06-02T00:00:00-04:00
Rated 5 out of
5 by
Wahid Selman from
Reasonable priced, great customer service, and stable
What is our primary use case?
We are using the solution for airports.
How has it helped my organization?
The Cisco NGFW is an excellent fit for purpose for our network security.
For how long have I used the solution?
I have been using the solution for five years.
What do I think about the stability of the solution?
We have not had to deal with stability issues.
How are customer service and technical support?
The support of the solution is great, their staff is perfect.
How was the initial setup?
My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.
What's my experience with pricing, setup cost, and licensing?
People have said that Palo Alto is a less expensive solution than Cisco, but in my experience, at least from today, Cisco is cheaper than Palo Alto.
What other advice do I have?
I do not hear anything bad about the competition. I am difficult to change my ways and learn a new product. Unless somebody comes and makes a SWOT analysis and shows me the evidence of how the alternative is better, I am fine with Cisco.
I would recommend this solution to others.
I rate Cisco Firepower NGFW Firewall an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-02-03T00:00:00-05:00
Rated 5 out of
5 by
reviewer1318416 from
Stable with a straightforward setup and good overall features
What is our primary use case?
The solution is primarily used for protecting the environment, or the cloud environments for our customers.
What is most valuable?
All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features.
The implementation is pretty straightforward.
What needs improvement?
The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution.
It would always be helpful if the pricing was improved upon a bit.
In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.
For how long have I used the solution?
We've been using the solution for about five or more years at this point.
What do I think about the stability of the solution?
The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.
What do I think about the scalability of the solution?
The solution can scale quite well. A company that needs to expand it can do so easily.
In our case, we have clients with anywhere between 1,000 and 10,000 users.
How are customer service and technical support?
We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.
Which solution did I use previously and why did I switch?
I also have experience with Fortinet and Check Point.
How was the initial setup?
The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.
Typically, the deployment takes about two days to complete.
In terms of maintenance, we have about five people, who are engineers, who can handle the job.
What about the implementation team?
We deliver the solution to our customers.
What's my experience with pricing, setup cost, and licensing?
You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.
What other advice do I have?
We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.
We always provide the latest version of the solution to our clients.
Typically, we use both cloud and on-premises deployment models.
I'd recommend the solution to others. It's quite good.
On a scale from one to ten, I would rate it at an eight.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2020-11-19T00:00:00-05:00
Rated 5 out of
5 by
reviewer1293345 from
User-friendly UI, blocking by category, has plenty of features
What is our primary use case?
We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.
What is most valuable?
Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.
You do not have to do everything through a command line which makes it a lot easier to apply rules.
You are able to see the traffic of what sites users are visiting.
There are warnings if you are about to go to sites that could be malicious.
It also allows you to block within categories, such as, by URL.
The solution always had these capabilities, but it did not have a user interface that was user-friendly.
What needs improvement?
The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.
For how long have I used the solution?
We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.
What do I think about the stability of the solution?
The stability is good so far. My opinion could change in another couple of months once we get more deeply involved with the solution.
What do I think about the scalability of the solution?
We currently are protection approximately 220 users.
How are customer service and technical support?
We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them.
Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.
I rate the tech support service generally from Cisco a seven out of ten.
How was the initial setup?
The installation is not hard and not easy either, it falls in between.
What about the implementation team?
The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.
What other advice do I have?
Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.
I rate Cisco Firepower NGFW Firewall a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-01-08T00:00:00-05:00
Rated 5 out of
5 by
reviewer1445520 from
Quite stable with good technical support, but the reporting should be improved
What is our primary use case?
We are a service provider and we work on a variety of different projects for many customers. We do not use this product ourselves. Rather, we deploy it for different customers.
The primary use case is to protect the organization from unauthorized use.
What is most valuable?
The most valuable feature is the access control list (ACL).
What needs improvement?
Report generation is an area that should be improved.
For how long have I used the solution?
I have been working with this product for two years.
What do I think about the stability of the solution?
This firewall is quite stable and we use it on a daily basis.
What do I think about the scalability of the solution?
The scalability is good.
Which solution did I use previously and why did I switch?
I have not worked with equipment from OEMs other than Cisco. It's the only vendor I use.
How was the initial setup?
The initial setup is straightforward. The length of time for deployment depends on whether it is the entire setup or just the basic installation.
What about the implementation team?
I deployed this product myself.
What other advice do I have?
This is a product that I can recommend for an internal firewall. It's good enough.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:partner
Date published: 2020-11-22T00:00:00-05:00
Rated 5 out of
5 by
Joland Van Londen from
Talos continuously enriches intelligence so that you get information about upcoming threats on time
What is our primary use case?
Telindus, our company, is an integrator. We sell Firepower and we do use it ourselves. I use all the different versions of the product.
We either replace our customers' other brands of firewalls with Firepower, or we upgrade their old Cisco ASA Firewalls to the new Firepower firewalls. The type of device we advise them to install depends on the customer's requirements and the throughputs needed.
Our primary use case for Firepower is for big networks.
What is most valuable?
The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands. That is why, when people move from another brand to Cisco, they never leave Cisco. They see that advantage.
Something I like about Firepower, in general, is that it still relies on the old ASA code. That's something customers really like because when they go into the CLI, they remember, "Oh, that's the ASA, that I am familiar with," but it's enriched with all the next-gen features of Snort. When a customer has knowledge of the ASA codes, they can do intensive troubleshooting because they know the device.
Customers also like Talos, which is the intelligence behind all of Cisco's security products, including Firepower. Talos is very good and is actually the most important part of a security product. It's important that you have something in the background that is continuously enriching intelligence so that you get information about upcoming threats on time. That keeps you protected as soon as possible when a Zero-day happens. Something that customers like about Cisco Firepower, in combination with Talos intelligence, is that full-time people are working in the background to provide information to Cisco security products.
Customers really want visibility into their networks. For example, they want identity management and that is something you can use Firepower for. With it, in addition to an IP address going somewhere, you can also see the username. That's a big advantage of Firepower, and can be set up quite easily.
Also, in very large networks, our customers use Cisco DNA Center. They have automation orchestration for their access network and that works seamlessly with Cisco Firepower firewalls. Security Group Tags can be used from DNA to an edge Firepower firewall. That way, they have microsegmentation within their access network for DNA. And they can extend that to their firewall rules for Firepower.
Our customers also use Cisco ISE to get user information. ISE is connected to DNA Center. That is something that Firepower works seamlessly with, and we do sell it a lot. We sell a lot of Cisco's other security equipment, and they all send their information to SecureX. Having more Cisco security products means your security information is becoming enriched within the SecureX platform. The integration among these Cisco products is more than easy. Cisco documents everything, in detail, when it comes to how to integrate the different parts. I've never had an issue with integrating Cisco security products with each other.
And for smaller networks, like those our government customers have, what they like about Cisco Firepower, and why they purchase it nine out of 10 times, is its ease of use and the reporting in Firepower Management Center. That is something they really like. They can look up things themselves and they like the SecureX integration.
What needs improvement?
The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.
For how long have I used the solution?
I've been using Cisco Firepower NGFW Firewall since it came out; from the time Cisco started to use the name Firepower and they bought Snort. That's when they put in the next-generation features.
What do I think about the stability of the solution?
Firepower is rock-stable. So far, I have not seen any failed firewall. The only thing that was not quite stable in the past was Firepower Management Center, but since version 6.6 that has also been rock-stable. I haven't had any failed components in the last couple of years. I did have them two years ago and further in the past, where firewalls were not functioning and needed a reboot, but since 6.6, the stability is very good. We don't have priority-one tickets anymore.
What do I think about the scalability of the solution?
In the Netherlands, where I work, we don't have very big customers requiring very high throughput. So I cannot say anything about clustering where you can pile different ASAs or Firepower devices together to increase performance when you require it.
But scalability, in general, is pretty hard. Competition-wise, sometimes it's hard to sell Cisco security products because, in my opinion, Cisco is quite honest about the real throughput they are able to provide. Other vendors may be giving figures that are a little bit "too perfect." Sometimes it's hard for us to sell Cisco firewalls because a customer says, "Well, when I go to other brands they say they have double the throughput for half the price." Well, that's great on paper, but...
In general, after we have installed Cisco firewalls, our customers are very pleased by the performance. They also like that they can tweak settings to get more performance out of the firewall by enabling specific policies for specific traffic, and by disabling inspection for very internal data center traffic. That provides a big boost to the overall firewall performance. When a customer complains that we didn't scale it correctly, and they say it's not performing as well as they expected, I'm always able to tweak things so that it performs the way the customer requires.
How are customer service and technical support?
I have interacted with Cisco's technical support many times. Nowadays, it sometimes takes a while to get to the person with the correct knowledge, but that is happening in the world in general. First-line people are common around the world and they are trying to figure out if an issue is actually a second-or third-line issue. But when you do reach the correct department, and they know that you are knowledgeable and that you are really facing a high-priority issue or a strange behavior, Cisco's support does everything it can to help you fix things, including involving the development department. I'm very happy with their tech support.
Which solution did I use previously and why did I switch?
Most of the time we replace Sophos, Check Point, SonicWall, and Fortinet firewalls with Cisco firewalls. Customers really like the overall integration with SecureX. They see the advantage of having more security products from Cisco to get more visibility into their security. We also replace old, non-next-generation firewalls from Cisco; old ASAs.
How was the initial setup?
The initial deployment of Firepower is a straightforward process. For me, it's pretty easy. If you have never worked with it, I can imagine it might be complex.
Cisco makes it easier all the time. You can now deploy a remote branch by managing the device on an external interface. In the beginning, with previous software versions, that was hard. You needed to configure the file as a remote branch, but for that you needed the central Firepower Management Center to configure it and you didn't have a connection yet. It was a big issue to set up an initial firewall remotely when there was no connection to the Management Center. But that's been fixed.
In general, you just put down some management IP addresses and configure things so that the devices see each other and it starts to work. It's far from complex.
Generally, the initial setup takes four hours. The implementation strategy depends on the customer. I always have a conversation with the customer upfront. I explain how the connectivity works for Cisco Firepower, and then I say that I want to be in a specific subnet field. Then I start configuring the basics, and that is the part that takes about four hours, for Firepower Management Center and two firewalls in HA. Then, I start to configure the firewalls themselves, the policies, et cetera.
Which other solutions did I evaluate?
I have experience with SonicWall, Fortinet, Juniper, and Sophos firewalls, among others. We work with Fortinet and Palo Alto. It's not that we only do Cisco. But I can say from my experience that I am really more convinced about Cisco products.
What customers really like about Cisco, the number-one thing that they are really happy about within Firepower—and it was also in the old ASA code, but it's even more a feature in Firepower—is that the configuration is in modules. It's modular. You have different policies for the different functions within your firewall, so that your access control policy is only for your access lists and that's it. You have a different network address translation policy. It's all separated into different policies, so a customer knows exactly where to look to configure something, to change something, or to look at something which is not working properly.
Also, with Cisco, when a customer is not totally certain about a change he's going to make, he can...
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Reseller
Date published: 2021-07-18T00:00:00-04:00
Rated 5 out of
5 by
Ed Vanderpool from
Stops threats immediately and gives us more granularity on what those threats might be
What is our primary use case?
We are specifically using 7.0 Firepower in several different areas. We have them as an IPS within the core, IPS on the edge, and we're also using the AnyConnect Client as our basis for VPN connection into corporate and other applications.
How has it helped my organization?
Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.
We were able to stop hundreds of threats. For killing threats, we were able to get several hundred now in comparison to the one-off that we used to be able to do.
Dynamic policies are very important for us because we do not have the manpower to really look at everything all the time. So having a dynamic way of really registering, looking at, and having certain actions tied to that are incredibly effective for us in slowing any kind of threat.
We're getting there as far as using the application, using it to go to the application level, we're at the infancy of that. We're looking at definitely tying that into our critical applications so that we can see exactly what they're doing, when they're doing it, and being able to track that.
Firepower's Snort 3.0 IPS allows us to maintain performance while running more rules with the advent of 3.0 comparatively to 2X, we have seen at least a 10 to 15% increase in speed where it seems to be more effective. The updates seem to be more effective in finding malicious information. We've definitely seen at least a 10 to 15% increase on tying policy to 3.0.
What is most valuable?
The features that we find the biggest bang for the buck are for Firepower overall. We're looking at AnyConnect, which is one of the big features. The other valuable features are IPS along with the Geotagging and the Geosync features, and of course the firewall, the basic subset of firewall infrastructure and policy management.
We've looked at other vendors, but Cisco by far has taken the lead with a holistic approach where we don't have to manage multiple different edges at one time. We can actually push policy out from our core out to the edge. The policy can be as granular as we need it to be. So the administration, also the upgradability of the edge is for us because we need to have it 24/7. The upgradability is also another piece of management, logging, and all the other little aspects of the monitoring part.
Using deep packet inspection, especially with 7.0, since it's just come out in 7.0, we're able to see much more granularly into the packet where before we could actually give a general overview using NetFlow. This gives us much more granularity into what is exactly happening on our network and snapping in the Cisco StealthWatch piece gives us the end-to-end way of monitoring our network and making sure that it's secure.
The overall ease of use when it comes to managing Cisco Secure Firewall is one of the reasons that we ended up going with Cisco because the ease of use, basically having one UI to be able to control all of our end devices, policy, geolocation, AnyConnect, all the different pieces of that in one area has been phenomenal.
Cisco Secure Firewall helped to reduce our firewall operational costs because previously if we were not using Cisco's Firepower, we would have had either Cisco ASA or another manufacturer, and we would have had those everywhere. We would have had still two at every site, several within our infrastructure, and the management of those is much more difficult because it's done by one-off.
As far as saving Adventist Health money, I would have to say that it's not necessarily the actual physical product, but the time, labor that we would have had to have to be able to monitor and administer that, and also the time to find malicious issues and security areas that we were unable to see before. So, it's tough to put a cost on that, but it would probably be several hundred thousand dollars overall if you're looking at whether we got hit with malware or with some of the other issues that we're seeing, especially within healthcare. If we were hacked, that would cost us millions.
What needs improvement?
One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.
The other part of that is that applying policy still takes longer than we expect. Every version that comes out, the speed is actually increased, but I would love to see that, even a little more as far as when we're actually deploying policy.
For how long have I used the solution?
We have been using Firepower's series for at least the last six years.
We're staggered right now. The Firepower Management Console is at 7.0 and most of our Firepower units are at 6.6.
We have two areas for deployment. We have them as an edge at our markets, we term our hospitals as markets, but each one of the hospitals will have an HA Pair of the Firepower model. And we also have them in our core, within the ACI infrastructure. We use them as a core firewall along with an Edge firewall.
What do I think about the stability of the solution?
We've been using Firepower, the Threat Defense, and the Management Console for about six and a half years and I think we've had maybe two issues with it. And most of those were due to either our policy settings or something that we messed up. We've never had to return a box and we've never run into any major bugs that have actually hindered the actual security of the system.
What do I think about the scalability of the solution?
Scalability so far has been fantastic because we started with four Firepower Threat Defense boxes, but really after that, now we have 14 and we're going to be pushing that to 44 to 46 devices. The implementation has been pretty seamless and pretty easy. It's been great.
We use it exclusively for edge and core for firewall and for policy and for IPS and AnyConnect. We plan on continuing to integrate that tighter. So in the future, we probably will not grow that many physical devices, but we plan on actually integrating those tighter into the system, tighter with integration, with Cisco's ISE, and tighter integration with our ACI infrastructure. So at the end of the day, we don't see us going any further away from using Firepower as our core security edge device.
How are customer service and support?
My company has been using Cisco for many years. One of the huge pieces for us is, of course, the supportability and ongoing update, maintenance, and care. We've had a great relationship with Cisco. The tech is outstanding. Typically, we will open a tech case and they will know exactly what the issue is within two to three hours if it's a very difficult one. Typically they even know what it is when we actually open the case.
We've actually had a fantastic relationship working with Cisco. They've had a fast turnaround, great tech support, and we have not run into any issues thus far with the Firepower overall.
Which solution did I use previously and why did I switch?
Prior to actually using Firepower, we were still a Cisco shop. We used Cisco ASA exclusively, and it was fantastic. But with the advent of Firepower, being able to manage, monitor, and upgrade has really cut back our time on those processes by less than half of what we had before. We were using the good old ASA for many years.
How was the initial setup?
We found that the initial setup using Firepower products was actually very simple. The initial configuration for the Management Console was very straightforward. Adding devices usually takes a few minutes. And then once you've got them physically set up in your Management Console, it's streamlined. It's actually very simple.
One of the great features of having the Cisco Firepower Management Console is having the ability to group. So we have each one of our hospitals as a group, so we can actually do any device configuration within a group. They're HA so that when we do an upgrade, it is seamless because when it fires off the upgrade, it will actually force the HA over automatically as part of the upgrade. And the other part of that is policy management. We have several policies, but specifically, one for the general use at our hospitals has been phenomenal because you build out one policy and you can push that out to all of your end nodes with one push.
We require two staff members to actually implement and devise the initial configuration.
At my company, you have to be at least a senior or an architect in order to manage any type of firewalling, whether that's the IPS, the actual firewall itself, or AnyConnect. So we have senior network engineers that are assigned for that task.
We typically have one person that will actually rotate through the group for the maintenance. There's a senior network engineer that will maintain that on a daily basis. Typically, it doesn't take maintenance every day. The biggest maintenance for us comes to updating policy, verifying the ge...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-10-05T00:00:00-04:00
Rated 5 out of
5 by
Cesar Beut from
Blocks attacks by providing a security barrier
What is our primary use case?
We use it to configure the perimeter firewalls. In FireSIGHT, we have two firewalls in a cluster with high ability, then we have five firewalls in Offices. We use those firewalls as a perimeter for Offices.
We have all the devices in the Firepower Management Center system. We always work with Firepower devices in Firepower Management Center.
We have offices around the world. We are in Europe, the USA, and South America.
How has it helped my organization?
We have border security with Firepower. We try to curb security issues by using this Firepower firewall.
What is most valuable?
The solution provides us with good working application visibility and control.
I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.
What needs improvement?
The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.
Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve.
For how long have I used the solution?
I have been using it for three years.
What do I think about the stability of the solution?
We have five devices. In Rome, we don't have a technician and didn't work when we started using it. We had to send a technician to Rome to reboot the system. Now, it is stable with no problems. Also, we lost the link to the high availability firewall in our data center. We only had one device there, and Solutel had to solve this issue.
What do I think about the scalability of the solution?
The scalability is great.
We have five devices in four locations.
Three network administrators who work with Firepower, including myself.
How are customer service and technical support?
I usually create an issue with Solutel, then they create a case with Cisco Talos or the Cisco technicians. I am happy with Solutel's support.
How was the initial setup?
We deployed in several cities, but not the same day.
What about the implementation team?
The initial deployment was done by a Cisco partner, Solutel. Our experience with Solutel was fantastic. They are local partners for us and provided us with great service.
What was our ROI?
We realized that clearly we have issues of security with a lot of attacks. I don't know if it is because with the COVID-19 virus a lot of hackers are at home or working more hours. In the last year, we have seen attacks that are very big, and we need a barrier. So, we use a firewall to block these attacks.
What's my experience with pricing, setup cost, and licensing?
The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.
Our license for Firepower is their best license.
Which other solutions did I evaluate?
We have FortiGate firewalls, the security of Office 365 from Microsoft, Cisco Umbrella, and Kaspersky Anti-virus. We are also using Cisco ASA, Meraki switches, and a router from Cisco.
The Firepower Management Center tool is very slow. We also have the FortiGate firewalls and these tools for configuring the firewall are faster.
We have to make a change to our devices in South America. We are currently evaluating Cisco Firepower Series 1000 versus FortiGate. Firepower is more powerful than FortiGate, but FortiGate is more flexible and easier to configure. Because of our last issues with Firepower, it is possible that FortiGate is more stable.
What other advice do I have?
It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.
We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.
I would rate this solution as an eight (out of 10).
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-02-17T00:00:00-05:00
Rated 5 out of
5 by
MD.SIHAB TALUKDAR from
Stable and reasonably-priced, and the support is okay
What is our primary use case?
This is a product that is used at the infrastructure level to protect the network from outside traffic.
What is most valuable?
The most valuable feature is stability.
What needs improvement?
When using this product, our network is slower. The performance should be improved.
The installation could be made easier.
For how long have I used the solution?
We have been working with Cisco Firepower NGFW Firewall for more than two years.
What do I think about the stability of the solution?
This is a stable product and we plan to continue using it.
How are customer service and technical support?
Support from Cisco is good enough.
How was the initial setup?
The installation can be easy, although it is slightly more difficult to install than Fortinet FortiGate. One day is enough for deployment but it takes a long time to configure.
What about the implementation team?
I deployed Firepower with support from the team in India.
We have a team of three people for deployment and maintenance.
What's my experience with pricing, setup cost, and licensing?
The price of Firepower is not bad compared to other products.
What other advice do I have?
This is a good product and I recommend it.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-01-17T00:00:00-05:00
Rated 5 out of
5 by
reviewer1126164 from
A stable, advanced threat detection solution with a straightforward setup, but with room for improvement on the console visualization
What is most valuable?
The feature I have found most valuable is the IPS advanced threat detection for removing ransomware and malware.
What needs improvement?
An area of improvement for this solution is the console visualization.
For how long have I used the solution?
I have been using this solution for two months.
What do I think about the stability of the solution?
The solution is stable.
How are customer service and technical support?
The customer service/technical support is very good with this solution.
How was the initial setup?
The initial setup is straightforward and it took two weeks to deploy. Currently, 5000 employees use this solution in our company.
What's my experience with pricing, setup cost, and licensing?
The solution was chosen because of its price compared to other similar solutions.
What other advice do I have?
I would recommend this solution to other users.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:Integrator
Date published: 2021-01-24T00:00:00-05:00
Rated 5 out of
5 by
Mufeed Siaj from
Good throughput, with one-of-a-kind support, that is scalable
What is our primary use case?
I am a pre-sales engineer, and I do comparisons based on my customer's requests.
What is most valuable?
The most valuable features of this solution are the integrations and IPS throughput.
What needs improvement?
The price and SD-WAN capabilities are the areas that need improvement.
In the next release, I would like to see more of the FortiGate features added. FortiGate is compatible with Cisco ACI, but I can't see the firepower with the security fabric. For example, if I had Fortinet activated, could I integrate with it?
For how long have I used the solution?
I have familiar with the Next Generation firewalls for two years, and six years with firewalls in general.
What do I think about the stability of the solution?
It's a stable product.
What do I think about the scalability of the solution?
It's scalable indeed.
Our clients are SMB Enterprise.
How are customer service and technical support?
It's just a fact, nothing is better than Cisco technical support.
Which solution did I use previously and why did I switch?
Previously, I was working with Fortinet. I would most likely recommend Fortinet, because of the price and the security fabric integration with other products. It's scalable as well, and all of the FortiGate features are useful.
It's very easy to implement and it's very easy to administrate.
How was the initial setup?
The initial setup was straightforward. With other vendors, it is easier, but it was straightforward.
What's my experience with pricing, setup cost, and licensing?
This product is expensive.
What other advice do I have?
I would rate this solution an eight out of ten.
Disclaimer: My company has a business relationship with this vendor other than being a customer:
Date published: 2020-11-29T00:00:00-05:00
Rated 5 out of
5 by
Paul M Wojciechowski from
Protects your system against threats and advanced malware
What is our primary use case?
We use it for the actual firewall and also site-to-site VPN.
Our company is always growing. Every day's a new day and there is always something new to learn. We are a mature organization, but we can never sit still. We have two company locations and we use Cisco Firepower as our main firewall at both locations.
Overall, for security, we use about seven tools.
Within our company, there are just two people that maintain this solution. Myself and the IT manager. I'm the network administrator.
How has it helped my organization?
We were the subject of a ransomware attack a little over a year ago. Due to our console, we're able to easily see where the threat came from all while being able to shut down the network but maintain our network on the other side — or the other side of the site-to-site VPN. Then we could fix what we needed to be fixed here, and then subsequently correct the issues on the other side.
What is most valuable?
The Manageability through the FMC is superb. I have a single dashboard that I can manage my firewalls from. I can see and manage all of my objects and control all my policies. I can look at all my logs and control my whole network from one dashboard.
What needs improvement?
FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it. Maybe more of an IDS approach. I don't know a better way to say it, but more of a heavier proactive approach rather than a reactive one.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for two years.
What do I think about the stability of the solution?
I have had little to no issues except with the first version that we had. There was a known issue with Cisco in the first version. When I went to do a restore, there was a known issue with something with the Linux kernel. It took us about two weeks to get the restore working. It was a scary moment for us, but we worked through it, and ever since we've had no issues, stability-wise.
How are customer service and technical support?
I have contacted support multiple times and I have no problems with them. I think they do the best with what they have — especially with the pandemic this year. I think they've done everything they can do with what they have. They don't stop. They don't give up until the issue is resolved. They're really good with following-up too, making sure that the issue hasn't come back.
Which solution did I use previously and why did I switch?
We have another product that monitors all traffic. It just sits back and idols in the background — It integrates, but it doesn't if you know what I mean. It's a separate dashboard, but it alerts us. We can control the security — level zero through one hundred. If a threat registers above 54% (we have the limit set at 51) it alerts us. If it's a specific threat, it can shut down services, ports, machines, authentication, and so on and so forth.
We also use AMP Umbrella and SecureX duo. They're pretty easy to integrate. I wouldn't say beginner level, but if you have a working knowledge of networks and security, you can easily get them integrated. Also, if you need help, Cisco's always there to assist.
We use Firepower Management Center — it's a wonderful tool. It has an awesome all-in-one pane of glass dashboard so you can manage multiple devices from one dashboard. It's also very easy set up.
We used to use SonicWall. Cisco was purchased right before I came on board, but from my knowledge, we had issues with the licensing of SonicWall. We are a Cisco shop. Both my manager and I prefer Cisco over other vendors. We have more experience with Cisco and their customer support and the products themselves are just better in our experience.
How was the initial setup?
The deployment was with all new networks, so the architecture was with a peer. We first sat down and discussed or laid out our network and what it would look like through IP schemes and everything else in that sense. We then figured out how many users we would have and decide what size of hardware we would need. We decided on what type of VPN connection and what certificates we would need. After that, once we were able to secure those tunnels and get communication going between our two locations, we then started tightening down our two networks as we have multiple networks within each location.
We had to decide what all needed to communicate with one another. Not every network needed to touch the outside world.
What about the implementation team?
From start to finish, including production rollout for other areas, deployment took roughly one month. We did it all in-house.
Some maintenance is required involving security patches. Cisco is really good at deploying those or not deploying those, but putting those out and having release notes and upgrade paths and just the information behind all of their patches. Cisco does a really good job with that.
What's my experience with pricing, setup cost, and licensing?
With any solution from anybody, I always think that licensing is a little high — but it's comparable to other companies. It definitely competes with the other vendors in the market.
What other advice do I have?
If configured, Firepower provides us with application visibility and control.
The ability to futureproof our security strategy is definitely there. There are a lot of functions that we don't yet use. When I say we don't use a function, I mean that the functionality or the ability is not turned on yet simply because we have not gotten around to it. The ability is there, the capability is there. That also goes into the reasoning behind why we chose it.
Do your research, know your skillset, be comfortable with your skillset, and don't be afraid to challenge yourself.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Disclaimer: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-02-04T00:00:00-05:00
Rated 5 out of
5 by
reviewer1471347 from
A firewall solution with a straightforward setup and a useful incidence response feature
What is our primary use case?
Cisco Firepower NGFW Firewall has a lot of environment to use for your network to see what kind of critical threats are coming or going. I use it to find out what this threat is and then formulate a strategy for it. I use it a lot on my simple network to see how it works, inspect the network traffic, and so on.
What is most valuable?
Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.
What needs improvement?
Cisco Firepower NGFW Firewall can be more secure. But no product is 100% secure, so it's a case of always wanting more security. The product is also really expensive. It would help if they provided free academic access to the enterprise edition for students for a whole month, two months, three months, or a year.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewall for about two years.
Which solution did I use previously and why did I switch?
I used Cisco ASA Firewall, but in our specific environment and not for the whole network.
How was the initial setup?
It's easy to install Cisco Firepower NGFW Firewall. You can install it on the platform with all the images in one set form. It took me about 20 to 30 minutes to install.
What about the implementation team?
I implemented Cisco Firepower NGFW Firewall on my own.
What's my experience with pricing, setup cost, and licensing?
For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive. But it should be affordable for enterprises and educational institutions.
What other advice do I have?
I would recommend Cisco Firepower NGFW Firewall to potential customers.
On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-01-03T00:00:00-05:00
Rated 5 out of
5 by
reviewer1512729 from
Reliable, good support, good documentation makes it straightforward to set up
What is our primary use case?
I am an IT administrator and my job is probably 80% security analyst. We are a HIPAA environment, so we're a regulated industry and my job is to keep us from being breached. It's extremely difficult and an ever-changing, evolving problem. As such, I spend a couple of hours a day just reading everything threat report from every source I can get.
We have a pair of 2110 models, with high availability set up.
There are multiple licenses that you can get with this firewall, and we subscribe to all three. A few months ago, we made the decision to do an enterprise agreement just because of the amount of security software we have. We subscribe to the threat, the URL, and the malware licensing. We use it for IPS, URL blocking, IP blocking, and domain blocking.
We've embraced the Cisco ecosystem primarily because I think they made some very intelligent acquisitions. We talk about security and depth and they've really done a good job of targeting their acquisition of OpenDNS Umbrella. It's all part of our ecosystem.
I take the firewall information and using SecureX, Cisco Threat Response, AMP for Endpoints, and Umbrella, I'm able to aggregate all that data with what I'm getting from the firewalls and from our email security, all into one location. From my perspective, being a medium-sized organization, threat hunting can be extremely difficult.
How has it helped my organization?
This product enriches all of the threat data, which I am able to see in one place.
There's nothing I personally have needed to do that I haven't been able to do with the firewall. It integrates so tightly into how I spend the majority of my day, which is threat response.
Much of this depends on any given organization's use case, but because I was an early adapter of Cisco Threat Response and was able to start pulling that data into it, and aggregate that with all of my other data. As I'm doing threat hunting, rather than jump into the firewall and look in the firewall at events, I'm able to pull that directly into Threat Response.
The ability to see the correlation of different event types in one place, these firewalls have definitely enriched that. You have Umbrella, but there are so many different attack types that it's good to have the DNS inspection at the firewall on the edge level too. So, the ability to take all of that firewall data and ingest it directly via SecureX and into our SIEM, where I have other threat feeds, including third-party thread feeds, gives our SIEM the ability to look at the firewall data as well. It lends to the whole concept of layering, where you don't have to have all of your eggs in one basket.
With our Rapid7 solution, I'm able to take the firewall data and dump it into our SIEM. The SIEM is using its threat feeds, as well as the threat feeds that are coming from Cisco Talos. In fact, I have other ones coming into the SIEM as well. So, I'm able to also make sure that something's not missed on the Talos side because it's getting dumped into our SIEM at the same time. All of this is easy to set up and in fact, I can automate it because I can get the threat data from the firewall.
In terms of its ability to future-proof our security strategy, every update they've done makes sense. We've been using one flavor or another of Cisco firewall products for a long time. Although I have friends that live and die by Fortinet or Palo Alto, I've never personally felt that I'm wanting for features.
What is most valuable?
We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government. My experience with Talos has been, they're pretty on top of things. Another driving factor towards Cisco: We get feeds every hour, automatically refreshed, and updated into the firewall.
If I had to rely on one security intelligence, which I wouldn't, but if I had to, I'm sure it would be Talos. The fact that it gets hourly updates from Talos gives me some peace of mind.
The real strength for the Cisco next-generation firewall is it'll do pretty much anything you want it to do, although it requires expertise and proper implementation. It's not an off-the-shelf product. For instance, there are some firewalls that may be easier to set up because they don't have the complexity, but at the same time, they don't have the feature set that the Cisco firewall has.
The firewall does DNS inspection, and you can create policies there.
The firewall integrates seamlessly and fully with our SIEM. We use a Rapid7 SIEM inside IDR and it now integrates seamlessly with that. Cisco's doing a lot more with APIs and automation, which we've been leveraging.
In terms of application visibility and control, I used the firewall and I also use Umbrella, but it depends on what it is that I'm seeing. One component that I use is network discovery. When you configure the policy properly, it'll go out and do network discovery so you're not loading up a bunch of rules you don't necessarily need. Instead, you're targeting rules that Cisco will say, "Hey, because of network discovery, we found that with this bind to whichever version server, we recommend you apply this ruleset." This is something that's been very helpful. You don't necessarily have to download every rule set, depending on your environment.
I have used it for application control. Right now, we're in the midst of doing tighter integration with ISE and the integration is very good. This is something that we would expect, given that it's a Cisco product.
I use the automated policy application and enforcement every chance I get. Using an automation approach, I would rather have a machine isolated even if it's a false positive because that can happen much faster than I can get an alert and react to it. On my end, I'm trying to automate everything that I can, and I haven't experienced a false positive yet.
Anything that's machine learning-based with automation, that's where I'm focusing a fair amount of attention. Another advantage to having Cisco is that their installed base is so huge. With machine learning, you're benefiting from that large base because the bigger their reach is, the bigger and better the dataset is for machine learning.
At some point, you have to trust that the data set is good. What's impressed me about Cisco is with all of our Cisco products, whether it's AMP or whatever, they're really putting an emphasis on automation, including workflows. For someone like me, if I get an alert in the middle of the night and I see it at 6:00 AM, it is going to be a case of valuable time lost, so anything that I can do to make my life easier, I'll definitely do it.
What needs improvement?
It would be great if some of the load times were faster. My general sense is that it's probably related to them taking a couple of different technologies and marrying them together. We are using virtual, so the way that I handled that was to throw more RAM in it, which these days, is pretty cheap. I could see some improvement with the speed of deploying policies out, although it's not terrible by any means. One thing about Cisco is whatever they're doing, it keeps getting better.
The speed of deploying policies could be improved, although it is not terrible by any means.
Another legitimate criticism of Cisco that comes to mind is that you need to make sure you've got your licensing straightened out. I haven't had any problems in a long time, but I know people that haven't used Cisco products sometimes can run into issues because they haven't figured out so-called smart licensing. Depending on the Cisco person you're working with, make sure you have all that stuff all set to go before you start the implementation.
That's an area that Cisco has been working on, I know. But licensing is a common complaint about Cisco. I suggest making sure that you have that stuff in place and you've got all your licenses all ready to go. It seems like a dumb thing, but my most common complaint about Cisco before we entered into our enterprise agreement was licensing. When it's working, it's great, but God help you if you've got a licensing problem.
What do I think about the stability of the solution?
They've been very reliable for us and we haven't had one fail, so we've never had to failover. That has been generally my experience with Cisco products, which is one reason that we tend to lean on Cisco hardware for switching, too. The reliability of the hardware over the years has been very good.
What do I think about the scalability of the solution?
We have integrated these firewalls with other products, such as Cisco ISE, and it hasn't been a problem. ISE is a Cisco product so it would make sense that it integrates well, but ISE integrates with other firewalls as well.
Everything that I've done with these firewalls has been pretty seamless. We've had no downtime with them at all. They've been very rugged as we expanded usage through integration.
How are customer service and technical support?
People knock Cisco TAC but in my experience, they have been very good. I've always found them to be extremely helpful. Friends that I have made from inside Cisco say, "Hey, you want me to look at this or that?", which is very helpful.
Which solution did I use previously and why did I switch?
The big three solutions, Cisco, Fortinet, and Palo Alto, are all really good but I tend to lean on Cisco versus the others because one of their strengths, in general, is threat intelligence. When you put a bunch of security people in a room then you have a ...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2021-03-20T00:00:00-04:00
Rated 5 out of
5 by
Francesco-Molino from
Very easy to filter in and out on east-west or north-south traffic
What is our primary use case?
We have multiple use cases for Cisco Firepower. We have two types of use cases:
* Protect the perimeter of the enterprise.
* Inter-VRF zoning and routing.
The goal is to have some Firewall protection with a Layer 7 features, like URL filtering, IPS, malware at the perimeter level as well as inspecting the traffic going through that firewall, because all traffic is encrypted. We want visibility, ensuring that we can protect ourselves as much as we can.
In production, I am currently using Cisco Firepower version 6.7 with the latest patch, and we are starting to roll out version 7.0.
I have multiple customers who are running Cisco Firepower on-prem. Increasingly, customers are going through the cloud, using Cisco Firepower on AWS and Azure.
How has it helped my organization?
We are implementing Cisco Firepower at the Inter-VRF level so we can have some segmentation. For example, between ACI and all the Inter-VRF being done through Firepower, we are able to inspect local east-west traffic. It is great to use Cisco Firepower for segmentation, because on the Firepower, we now have a feature called VRF. So, you can also expand the VRF that you have locally on your network back to the firewall and do some more tweaking and segmentation. Whereas, everything was coming into a single bucket previously and you had to play around with some features to make sure that the leaking of the prefixes was not advertised. Now, we are really working towards segmentation in terms of routing in Firepower.
The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.
Since SecureX was released, this has been a big advantage for Cisco Firepower. You can give a tool to a customer to do some analysis, where before they were doing it manually. So, this is a very big advantage.
What is most valuable?
The IPS is one of the top features that I love.
The dashboard of the Firepower Management Center (FMC) has improved. The UI has been updated to look like a 2021 UI, instead of what it was before. It is easy to use and navigate. In the beginning, the push of the config was very slow. Now, we are able to push away some conflicts very quickly. We are also getting new features with each release. For example, when you are applying something and have a bad configuration, then you can quickly roll back to when it was not there. So, there have been a lot of improvements in terms of UI and configuration.
What needs improvement?
We saw a lot of improvements on Cisco Firepower when Snort 3 came along. Before, with Snort 2, we were able to do some stuff, but the bandwidth was impacted. With Snort 3, we now have much better performance.
I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.
For how long have I used the solution?
I have been using Cisco Firepower for multiple years, around four to five years.
What do I think about the stability of the solution?
In terms of Firepower's stability, we had some issues with Snort 2 CPUs when using older versions in the past. However, since using version 6.4 until now, I haven't seen any big issues. We have had some issues, just like any other vendor, but not in terms of stability. We have had a few bugs, but stability is something that is rock-solid in terms of Firepower.
What do I think about the scalability of the solution?
Cisco Firepower scalability is something that can be done easily if you respect the best practices and don't have any specific use cases. If I take the example of one of my customers moving to the cloud, there is one FMC and he is popping new Firepower devices on the cloud, just attaching them to the existing policy and knots. This is done in a few minutes. It is very easy to do.
How are customer service and support?
When you open a ticket with Cisco tech support for Cisco FMC, you can be quite confident. Right away, the engineer onboarding is someone skilled and can help you out very quickly and easily. This is something that is true 90% of the time. For sure, you always have 10% of the time where you are fighting to get the right guy. But, most of the time, the guy who does the onboarding can right away help you out.
How was the initial setup?
The initial setup and implementation of Cisco Firepower is very easy. I am working with a lot more vendors of firewalls, and Cisco Firepower is one of the best today. It is one of the easiest to set up.
The minimum deployment time depends on really what you want to do. If you just want to initiate a quick setup with some IPS and have already deployed FMC, then it takes less than one hour. It is very easy.
What takes more time is deploying the OVA of Cisco Firepower Management Center and doing all the cabling stuff. All the rest, it is very easy.
If you are working without a Firepower Management Center and using Firepower Device Manager with Cisco on the cloud, then it is even easier. It is like the Meraki setup, where you just plug and play everything and everything will be connected to the cloud. It is very easy.
If you configure Cisco Firepower, it has to be based on Cisco's recommendations. You can view all the traffic and have full visibility in terms of applications, support, URL categorization, and inspect malware or whatever file is being exchanged. We also love to interconnect Cisco Firepower with some Cisco ISE appliances so we can do some kind of threat containment. If something is seen as a virus coming in from a user, we can directly tell Cisco ISE to block that user right away.
What about the implementation team?
I am working for a Cisco Professional Services Partner. We have only one guy deploying the devices. We don't require a big team to deploy it. In terms of configuration, it takes more people based on each person's skills because you have multiple areas: firewalls, IPS, knots, and routing. So, it depends on which skills will be required the most.
For maintenance on an average small to medium customer, it takes one to two people. When it is a big customer with multiple sites, you should have a small team of four to five people. This is because it is mostly not about creating the rules, but more about checking and analyzing the logs coming through Cisco Firepower Manager Center.
What was our ROI?
Whether Cisco Firepower reduces costs depends on the architecture that you are on. I had some of my customers answer, "Totally, yes," but for some of them that is not really true.
What's my experience with pricing, setup cost, and licensing?
When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today.
Which other solutions did I evaluate?
I have worked with Palo Alto, Fortinet, and Sophos. I work a lot more with Palo Alto and Cisco Firepower. I find them to be very easy in terms of management operations. Fortinet is also a vendor where we see the ease of use, but in terms of troubleshooting, it is more complex than Firepower and Palo Alto. Sophos is the hardest one for me to use.
I love the IPS more on the Cisco Firepower, where you can do more tweaking compared to the other solutions. Where I love Palo Alto and Fortinet more compared to Firepower is that you still have CLI access to some configs instead of going through the UI and pushing some configs. When you are in big trouble, sometimes the command line is easier to push a lot more configs than doing some clicks and pushing them through the UI.
Compared to the other vendors, Firepower requires more deep dive skills on the IPS stuff to make it work and ensure that you are protected. If you go with the basic one in the package, you will be protected, but not so much. So, you need to have more deep dive knowledge on the IPS to be sure that you can tweak it and you can protect yourself.
Another Cisco Firepower advantage would be the Talos database. That is a big advantage compared to other solutions.
In terms of threat defense, we have a feature of TLS 1.3 that is free where we can see applications without doing any SSL inspection, which can increase the performance of the firewall without doing some deep dive inspection. At the same time, we keep some visibility of what application is going through. Therefore, we have a win-win situation if one wants to protect against some specific applications.
What other advice do I have?
Do not just look at the data sheet that vendors are publishing. Sometimes, they make sense. But, in reality, these documents are made based on specific use cases. Just do a proof of concept and test every single feature. You will find out that Cisco Firepower is much better and more tweaka...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-08-01T00:00:00-04:00
Rated 5 out of
5 by
reviewer1627155 from
Helpful in creating policies for fast-changing environments and provides good visibility and protection
What is our primary use case?
We use it to segment the east and the west traffic in our data center. We also use it on the internet edge and for VPN termination.
We use its multiple versions. We use the virtual and the physical ones. We have multiple Cisco Firepower 9300, and we also have a few Cisco Firepower 4100.
How has it helped my organization?
It helps in protecting against threats from outside and within our data center. With the enhancement in the newest version 7.0, visibility is where we always wanted it to be. The introduction of the Unified Events feature really helps us out daily.
It enables us to implement dynamic policies for dynamic environments. With the recently added Dynamic Attributes feature, we are able to create more dynamic and fast-changing policies. In our data center, workloads tend to go up and down very quickly, and that's why dynamic policies are important. Because the workloads in our data center are fast-moving, we need to be able to change our firewall policy accordingly and quickly. That's what makes it a very important feature for us.
Snort 3 IPS allows us to maintain performance while running more rules. Our performance has
definitely increased after migrating to Snort 3. Rules are easier to implement. We also like the underlying antivirus advancements that they made with the new architecture, which increases its benefit for us.
What is most valuable?
The VPN and the login enhancements that were introduced in version 7.0 are invaluable to us. That was something that was missing before.
Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.
It is good in terms of the overall ease to use in managing it. Some of the things need some tuning, but overall, it is good.
What needs improvement?
The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.
For how long have I used the solution?
I have been using this solution for about six years.
What do I think about the stability of the solution?
Its stability is quite good. We couldn't find any issues.
What do I think about the scalability of the solution?
Its scalability is very good due to clustering.
In terms of our plans to increase its usage, it has everything we need. We don't plan to add anything more because it has all that we need as of now.
How are customer service and technical support?
Their support is not perfect. Sometimes, you get the feeling that some of the support engineers don't have a deep knowledge of the product, but there are some engineers who are able to help.
Which solution did I use previously and why did I switch?
Most of our clients were on Cisco ASA.
How was the initial setup?
I wouldn't call it extremely straightforward, but I wouldn't call it complex either. Its deployment took about a day.
In terms of the deployment strategy, we create our deployment plans for ourselves and our customers. The deployment plan depends on the environment.
What about the implementation team?
We deploy it ourselves.
What was our ROI?
It is very hard to say because we don't measure that. It is also very difficult to measure if it has helped in reducing our firewall operational costs.
What's my experience with pricing, setup cost, and licensing?
Its pricing is good and competitive. There is a maintenance cost.
It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.
What other advice do I have?
Technically, it is a very good firewall, but some improvements need to be done on the management side. I would advise getting a consultant or someone from Cisco to help you in implementing and using this firewall to its fullest extent.
We don't use workload integration as of now. We also don't use its dynamic policy capabilities to enable tight integration with a secure workload at the application workload level. Similarly, we don't use the solution's tags for VMware, AWS, or Azure for dynamic policies implementation in the cloud.
I would rate Cisco Firepower NGFW Firewall an eight out of 10.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-08-01T00:00:00-04:00
Rated 5 out of
5 by
Andreas Pedersen from
Default intrusion prevention engine helps identify malicious code and prevent it from being pushed into the system
What is our primary use case?
We helped a customer to configure a new data center network. We provided the core firewalling. Between virtual routing instances, or virtual networks, we had two Firepower 2130s in HA. We did the routing and firewalling between the VRS and, in the same data center, we have an internet edge firewall also set in HA that provided the routing and firewalling to the internet and to Azure. In the same data center we had two ASAs for out-of-band management. If an error occurred in the data center, we could VPN into the ASA and troubleshoot the routing issues in the data center.
How has it helped my organization?
I have customers that have migrated from Cisco ASA to Cisco Firepower. They have benefited from the change because they have much more visibility into the network. An ASA is often used as a Layer 3 to 4 firewall. We allow networks and ports. But a Firepower firewall has the default intrusion prevention engine, so you can allow it to https on port 443, but it can also look into the packet, with deep packet inspection, and see if there is malicious code that is trying to be pushed into your system. It's a much more secure product than just having a Layer 3 to 4 firewall. It is a Layer 3 to 7 firewall.
We also use Cisco Talos, and when we configure a Firepower, we set the automatic update to get the latest vulnerabilities and databases, Snort rules, geolocation database, and security intelligence from Talos. Our customers aren't benefiting directly from Cisco Talos, but they are benefiting from having a product like Firepower that has connections to Talos.
The dynamic access policy functionality, and the fact that in Firepower 7.0 the feature has one-to-backward compatibility with the Cisco ASA Firewall, is a game-changer. Our customers have begun to transition from Cisco ASA to Cisco Firepower and because they get this capability, there are more and more VPN features. And when they shift from ASA to Firepower, they go from Layer 3 to Layer 7 visibility, instead of only going from Layer 3 to 4. They gain through the visibility they get from a next-generation firewall. They get more visibility and a more secure solution.
What is most valuable?
For Firepower the most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.
For ASA, the most valuable feature is definitely the remote access VPN solution. The AnyConnect solution is very scalable and stable—there are no errors or flaws—which is necessary in today's world when we're all working remotely. The remote access VPN for ASA is very good.
When it comes to application visibility and control, both ASA and Firepower can provide them but the AVC feature is mostly used in Firepower. You can allow or disallow many applications through Firepower, through the access control policy.
If you configure Firepower correctly, it is good when it comes to threat visibility. It is proficient. It is the state of the art when it comes to blocking threats, network-wise. If you use it with an SSO encryption, and use your own features, blacklists, security intelligence, intrusion prevention, and access control points—if you are using it with every feature—Firepower can block most threats on your network. But it can't stand alone. It is necessary for the clients to have AMP for Endpoints, Cisco Umbrella, and Cisco ISE. If you're using Firepower as a standalone device, it can block, say, 20 or 30 percent more than the ASA can. But if you're using all of the security features from Cisco, you get much more security. It's like an onion's layers. The more layers you have, the more protection you have.
The ease of use with the new version of Firepower is more or less the same when compared to other versions of Firepower. But the dashboard has received a refresh and it's easier to use now than before. Overall, the ease of use has been increased.
What needs improvement?
On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.
Firepower Management Center is slow. It could be better. And the Firepower Device Manager doesn't have all the features that the ASA has, and that's despite the fact that it's almost the same product. Cisco could use many more features from ASA in Firepower Device Manager.
For how long have I used the solution?
I have used Firepower for two years and I have worked with all Firepower models: Firepower 1000 Series, 2000 Series, Firepower 4000. I have never had my hands on a Firepower 9300, but it's mostly the same as the 4000 and 9000 Series. I have also used Firepower Management Center, virtual, the 1000 Series, and the 1600. I have also used Firepower virtual devices, the Firepower Next-Generation Firewall Virtual (NGFWv).
I was using Firepower 7.0 for around 10 weeks on a beta program. I was using it more or less every other day. I have been using it quite a lot.
What do I think about the stability of the solution?
If you stay on the recommended releases, Firepower is very stable. Cisco has had a lot of trouble and issues with Firepower since they acquired Sourcefire, and some of the issues or problems are still there. But if you stay on the recommended releases you shouldn't hit that many errors or bugs. It can be stable, but it can also be very unstable if you jump on the newest release every time.
What do I think about the scalability of the solution?
Firepower scales well if you have the 4100 Series or 9300 Series. They can scale and you can cluster the devices. Otherwise, you can only add one device, but that's more for the small customers. But if you get up to the high-end series of Firepower, it scales very well.
We have customers that have 100 or 200 clients but we also have customers that have 20,000 endpoints. They are using several different appliances. Two devices for internet edge, two devices for core infrastructure, and two devices for VPN. We help customers of all sizes.
How was the initial setup?
First you have to configure the Firepower Device Manager, or Firepower Management Center. When you bootstrap it or do the initial config, you type in the IP address, host name, and DNS. When you have the IP configuration in place, you can log in to the Firepower Management Center and start building policies that suit your needs. When you have all the policies, you can add or join Firepower devices to the Firepower Management Center. After adding the devices to the Firepower Management Center, you can then apply the policies that you built in the first place, through the devices, and that will affect the behavior on the devices.
Which other solutions did I evaluate?
ASA is best for VPN solutions, site to site, remote access VPN. It's for everything that is connected with VPN solutions. For every other feature, Firepower is better. While Firepower is getting better for VPN, it's not where it should be yet.
I have tried configuring Zyxel firewalls. I have never logged in to Check Point or Palo Alto. From my point of view, Firepower is better than Xyxel when it comes to application visibility and control.
I did use competitive solutions many years ago, so things might have changed with them. But I would say that Cisco Firepower is a bit more complicated if you are an inexperienced user. If you are setting up a firewall for the first time, other vendors have an approach that makes it easier. Cisco Firepower it's more detailed and you can do more complicated configurations than you can with some competitors. It is easier for us to approach customers with Cisco Firepower, because we can do more detailed configurations compared to what customers can get from other vendors.
With SecureX, you can get more value out of the product, especially if you're using all the security features from Cisco. In that situation, you will definitely get more out of SecureX. When you do that you can integrate all of your Cisco products into SecureX and you can correlate all the data in one place, with a single pane of glass. In that way, you get a lot more value for money with Cisco Firepower and SecureX. You will get the full value if you combine it with other products, but if you only have Cisco Firepower then SecureX will not provide that much added value.
What other advice do I have?
Have a plan. Find out how much bandwidth and throughput you need before you implement it because if you don't scale it well from the start, it can slow down your environment. Keep in mind that it adds so much security that the total data throughput can take a hit.
We have many customers, but in general, many of our customers are using all the tools they can to secure their infrastructure, such as AMP, Umbrella, and Firepower. Many companies are doing what they can to secure their network and their infrastructure. But there are also customers that only have a firewall. In today's world that's not enough to secure the network at all, but that's a decision the customer has to live with. We have tried to push them in the right direction. But the majority of our customers have a secure infrastructure.
The other Cisco products or services our customers are using in conjunction with their firewall include AMP, AnyConnect, cloud mail Email Security Appliances, Cisco ISE, and Web Security Appliances. We are only a Cisco partner. We don't do HP or Check Point or Palo Alto, so our customers do have a lot of Cisco features. For regular use, the integration among these Cisco products is pretty easy, but I...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner
Date published: 2021-02-11T00:00:00-05:00
Rated 5 out of
5 by
reviewer1309845 from
Stable and scalable with very responsive technical support
What is our primary use case?
The way we've installed Firepower was for the migration process. For example, there was a data center consolidation, and therefore we had to move everything. We offer data center products to our customers across VPN funnels. We had to move away from older ASAs, so it's a lift and shift. We move older ASAs, which were dispersed in many sites, and we consolidated a couple of services in a single site. Firepower was left there in place. I came in and I took over the administration duties, and now I'm trying to put everything together in a way that it makes sense.
With Firepower, they have better hardware. It's fitted for more throughput, more load. I'm trying to centralize service delivery on this high-availability pair and move all the remote access to Firepower. Then, it's all part of a transition process from a hybrid cloud to a full cloud deployment on a cloud provider. It's mostly just a necessary pain, until we move away from our on-prem deployments. Currently, I'm working with Azure, etc. and I try to look at the main design of the whole process, even though it's going to take two years.
COVID has also made everything very, very slow for us as we try to move away from our initial plan.
What is most valuable?
The 2100 models are extremely useful for us.
It's got the capabilities of amassing a lot of throughput with remote access and VPNs.
What needs improvement?
They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.
For how long have I used the solution?
We've been using the solution for about a year.
What do I think about the stability of the solution?
The solution is pretty solid in terms of stability, however, I prefer Palo Alto. For the enterprise world, it's better to have Palo Alto. For the service provider field, Firepower is quite well suited, I'd say. That said, Palo Alto, is definitely the enterprise way to go. For a smaller deployment, you can also go with FortiGate. It's simple, however, it works for smaller offices.
What do I think about the scalability of the solution?
The scalability of the product is pretty good. If you need to expand it, you can do so with relative ease.
How are customer service and technical support?
The technical support is amazing. They do reply quickly, and often within an hour. It's been great. I've worked at Cisco before, however, with the type of contract we are in, I find it super fast right now. We're quite satisfied with the level of support.
What's my experience with pricing, setup cost, and licensing?
I don't have any knowledge as to what the product costs. It's not part of the business I deal with.
Palo Alto, it's my understanding, is a little more expensive, however, it depends on the users and on the design. It always depends on the contract
What other advice do I have?
We're just customers. We don't have a business relationship with Cisco.
It's a solid, reliable product, however, if it's right for a company depends on the use case and the size of the organization. For a startup, this might not be a suitable option.
Overall, I'd rate this solution nine out of ten. As a comparison, if I was rating Palo Alto, I would give it a ten out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2020-11-28T00:00:00-05:00
Rated 5 out of
5 by
Guillermo Fernandez from
Good integration with helpful technical support and very good administration capabilities
What is our primary use case?
I often work with financial sector companies such as banks as well as retail organizations.
What is most valuable?
The solution offers very easy configurations.
The administration of the solution is very good.
The product integrates well with other products.
What needs improvement?
The initial setup can be a bit complex for those unfamiliar with the solution.
There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced.
The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.
For how long have I used the solution?
We've used the solution recently. We've used it at least over the last 12 months or so.
What do I think about the stability of the solution?
The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.
What do I think about the scalability of the solution?
This particular product does not have high availability and therefore scalability is limited.
You need a pretty sizable solution for a center.
We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.
How are customer service and technical support?
I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.
Which solution did I use previously and why did I switch?
We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.
How was the initial setup?
I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.
You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.
What other advice do I have?
I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.
I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.
Which deployment model are you using for this solution?
Public Cloud
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2021-02-02T00:00:00-05:00
Rated 5 out of
5 by
Muhammed Eslami from
Powerful features include Snort and IPS, it is easy to deploy, and the technical support is good
What is our primary use case?
We are a solution provider and Cisco NGFW is one of the products that we implement for our clients. My clients use it for internet access within the enterprise.
What is most valuable?
I like the firewall features, Snort, and the Intrusion Prevention System (IPS).
What needs improvement?
This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI). Cisco's FTD devices don't support the command-line interface and can only be configured using FMC.
For how long have I used the solution?
We have been using this product for the past four years.
What do I think about the stability of the solution?
This is a stable product and we plan to continue implementing it for clients in the future.
What do I think about the scalability of the solution?
Cisco NGFW is a scalable firewall. My client has more than 100 users.
How are customer service and technical support?
We have support from Cisco's TAC, the Technical Assistance Center, and they support this product well. We haven't had any issues with them.
Which solution did I use previously and why did I switch?
Prior to the Next Generation firewall, my clients were using Cisco ASA for more than 10 years.
How was the initial setup?
The initial setup is easy, with the installation and configuration taking about two hours.
What about the implementation team?
I did the deployment myself.
What's my experience with pricing, setup cost, and licensing?
This product requires licenses for advanced features including Snort, IPS, and malware detection.
What other advice do I have?
In summary, this is a good product and I recommend it.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:Implementer
Date published: 2020-11-14T00:00:00-05:00
Rated 5 out of
5 by
Javed Hashmi from
Provides excellent integrations and reporting
What is our primary use case?
Our primary use case is as a data center firewall for internet firewalls and also as a VPN concentrator. I'm the chief technology officer and we are partners of Cisco.
What is most valuable?
In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use Forti Analyzer as a separate reporting module for Fortinet, but here the reporting is good.
What needs improvement?
There needs to be an improvement in the time it takes to deploy the configurations. It normally takes two to four minutes and they need to reduce this. The deployment for any configuration should be minimal. It's possibly improved on the very latest version.
An additional feature I would like to have in Firepower would be for them to give us the data from the firewall - Cisco is probably working on that.
For how long have I used the solution?
I've been using this solution for close to five years.
What do I think about the scalability of the solution?
The scalability is very good.
How are customer service and technical support?
We generally provide support but if we're not able to resolve an issue, we escalate it to Cisco and they're great. They are one of the best support services I've used and it's one of the reasons Cisco is doing so well in the market.
Which solution did I use previously and why did I switch?
I also work with Fortinet and Palo Alto. Fortinet is also a really good product but Cisco is a leader in next generation firewalls and now that they are catching up to Fortinet, they have provided a lot of features and flexibility. I personally see Cisco as being good for large enterprise companies and Fortinet is better for families as well as small and medium size businesses. When it comes to Palo Alto, the high price point is one thing that is an issue, some companies are unable to afford it. Palo Alto is good but Cisco is catching up to them and I believe in a year or two, Cisco will probably match Palo Alto as well and be much better.
How was the initial setup?
The initial setup is not too complex, but as with Fortinet, they have some detailed steps required which adds to the flexibility also. With flexibility comes a bit of complexity, but it's not too bad. Deployment time takes a few minutes. I am responsible for implementation and maintenance for our clients. We were previously deploying only for medium or large enterprise companies but Cisco has come up with the 1000 and 1100 series firewalls for smaller companies which is pretty good. They're a cost-effective solution and competitive in the market.
What's my experience with pricing, setup cost, and licensing?
Cisco falls somewhere in the middle in terms of pricing, it's not very expensive and it's not very cheap. There is an additional accessory fee associated with Cisco but normally they have a separate subscription cost for different types of security to protect the firewall. There are separate bundles available inside the pricing and that's probably true for all of the firewalls.
What other advice do I have?
Cisco is a large, good and reliable firewall. They are working on advanced features and catching up with the leaders in the market. I believe that's a score for them. A yearly subscription is cheaper than Palo Alto and Fortinet offer. They provide good support and once it's loaded, it doesn't give a lot of problems, that's very important.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2020-11-12T00:00:00-05:00