Buyer's Guide
Firewall Security Management
June 2022
Get our free report covering AlgoSec, Palo Alto Networks, Tufin, and other competitors of Cisco Defense Orchestrator. Updated: June 2022.
610,229 professionals have used our research since 2012.

Read reviews of Cisco Defense Orchestrator alternatives and competitors

PeerSpot user
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Top 5
Flexible, scalable and very user friendly
Pros and Cons
  • "You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use."
  • "They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime."

What is our primary use case?

We primarily use the solution for automation purposes and for security.

What is most valuable?

The underlying technology is very good, considering that we are moving to a work-from-home environment.

Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.

You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.

The solution is extremely flexible and scalable.

What needs improvement?

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

For how long have I used the solution?

We've been using the solution for close to seven years at this point. It's definitely been about six years.

What do I think about the stability of the solution?

The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.

What do I think about the scalability of the solution?

The solution is very scalable. If a company needs to expand its services, it can do so rather easily.

We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.

Which solution did I use previously and why did I switch?

We use Check Point as well, however, we don't really like it as much. It's not as user friendly.

Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes.

 It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.

How was the initial setup?

The initial setup is not complex. It's pretty straightforward.

The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.

However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.

We have eight to ten people who manage deployment and maintenance.

What about the implementation team?

We haven't used an integrator or reseller. We handled the implementation ourselves in-house.

What's my experience with pricing, setup cost, and licensing?

In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.

It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients. 

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls. 

We're currently developing our virtual firewalls and have them in different locations. 

It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.

I would recommend the solution to others.

I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades require a lot of work on our part.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
IgnitiusMolepo - PeerSpot reviewer
Senior IP Network Defense at a comms service provider with 10,001+ employees
Real User
Top 10
The hub-and-spoke setup is useful because I can manage security from where I am, while the IT engineers in branch offices can handle it on their end.
Pros and Cons
  • "FortiGate Cloud has many features that we like. For example, we're using it for security incident management, threat intelligence, and vulnerabilities check. It's integrated with several Fortinet tools like FortiAnalyzer and FortiSandbox controlled through FortiManager."
  • "When we're upgrading, it's sometimes quite challenging, especially firmware. We usually don't upgrade unless we have a bug, and we still feel it's not safe to react instead of being proactive. We often have some delays when updating FortiGuard, too."

What is our primary use case?

FortiGate Cloud is used for web application firewall, DDoS protection, intrusion prevention, and indicator of compromise in conjunction with the FortiAnalyzer. There are many more functions, including an IP firewall.

What is most valuable?

FortiGate Cloud has many features that we like. For example, we're using it for security incident management, threat intelligence, and vulnerabilities check. It's integrated with several Fortinet tools like FortiAnalyzer and FortiSandbox controlled through FortiManager. 

We also find Fortinet's hub-and-spoke setup useful because I can manage security from where I am, while the IT engineers in branch offices can handle it on their end.

What needs improvement?

When we're upgrading, it's sometimes quite challenging, especially firmware. We usually don't upgrade unless we have a bug, and we still feel it's not safe to react instead of being proactive. We often have some delays when updating FortiGuard, too. Nevertheless, I believe that it's okay most of the time with proper management.

We also run into some problems using FortiGate as a UTM solution. I feel like maybe they're not giving me a full view of the other components that they have in that box. Their box has some DDoS defense, but I need complete DDoS protection. I must not have light DDoS protection on other UTM boxes because if I'm uncertain about the security posture, it will compromise me. We like having everything in one box because running multiple boxes eats up more resources on the computing level. We need a total solution, not half-half.

For how long have I used the solution?

I've been using FortiGate Cloud for two years.

What do I think about the stability of the solution?

FortiGate is highly stable. It's one of the most powerful tools I've ever used. For example, it quickly synchronizes with our ATP. No security will ever be 100 percent, but I can say that we have a baseline when using FortiGate. You have at least 80 percent of the security you need.

What do I think about the scalability of the solution?

FortiGate is scalable and robust. I'm working at a huge company. So I'm able to take over the traffic from all over Africa. We have around 45,000 users, including about 20,000 in South Africa, where I'm based. We also have users in Cameroon, Ghana, and Nigeria.

How are customer service and support?

Fortinet support has capable engineers who will be patient with you. If you want to learn something, they will explain it to you and refer you to links where you can read more on your own after they have solved the problem. 

Maybe the service is good because we pay for managed security services. I've never had an issue with them. I rate Fortinet support 9 out of 10 because nothing is 100 percent.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I worked with Cisco firewalls in the past. All of them are powerful, but I prefer Fortinet because it's more user-friendly. Cisco is quite challenging and requires more skills, practice, and study. 

On the other hand, I like that Cisco is a managed service, and their services are quite good. They're willing to go the extra mile, but I can say that FortiGate's support is even better than Cisco's.

How was the initial setup?

FortiGate is straightforward to implement and configure. It doesn't require any special qualifications. You just need to practice it a bit, but it's not hard to understand. You can use a GUI or a command line if you prefer that. The command line isn't user-friendly, but the GUI is excellent. I would give the GUI a perfect 10, but I would only rate the command line interface six out of 10. 

The solution does require some staff to deploy and maintain, but it's not that many. African countries don't have a lot of people with cybersecurity skills, so it's challenging when we get an issue from that side. That's why we end up deploying a mobile hub strategy. We are supplying the skills that they may not have in the branch offices. Four people are enough to manage the whole empire.

What's my experience with pricing, setup cost, and licensing?

We have a yearly license because we have a huge environment, so we need to upgrade regularly. We do it annually because quarterly updates would overwhelm the staff. Cisco was doing it at half-year intervals. 

What other advice do I have?

I rate FortiGate Cloud eight out of 10. FortiGate is a good solution. It's powerful and has almost everything you need from a security perspective. The issue with Cisco FirePOWER is that you must buy the FirePOWER box. When you need DDoS, you have to buy a separate box. With Fortinet, everything is in one box. You just buy the license and let it run.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presales Network & Security Engineer at a tech services company with 51-200 employees
Reseller
Top 5
Leaderboard
User-friendly, intuitive, easy to set up, with good monitoring and support
Pros and Cons
  • "It allows administrators to visualize the traffic flow, and troubleshoot when necessary."
  • "They need to offer more support to vendors, such as Cisco, Check Point, Fortinet, and Forcepoint."

What is our primary use case?

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

What is most valuable?

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

What needs improvement?

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Check Point, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

For how long have I used the solution?

I have been working with Tufin for one year.

What do I think about the stability of the solution?

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

How are customer service and technical support?

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

How was the initial setup?

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

What's my experience with pricing, setup cost, and licensing?

It's quite an expensive solution.

What other advice do I have?

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Systems Administrators at a tech services company with 201-500 employees
Real User
Top 5
Stable, good support, and good IPS capabilities

What is our primary use case?

I use Cisco Secure Firewall Management Center to manage my perimeter firewalls and my data center firewalls.

What is most valuable?

The most valuable feature of this solution is the intrusion prevention system.

What needs improvement?

The initial setup could be simplified.

The interface is an area that could be improved.

Monitoring live events or event logging needs improvement as well.

For how long have I used the solution?

We are using version 664.

What do I think about the stability of the solution?

It's a pretty stable product.

What do I think about the scalability of the solution?

We have 20 people using this solution in our organization.

How are customer service and technical support?

The support is good. They are always good.

I would rate technical support an eight out of ten.

Which solution did I use previously and why did I switch?

We also use Fortinet products.

How was the initial setup?

The initial setup is midway complex and straightforward.

The deployment in a large environment took a week approximately.

We have a team of two staff members to maintain and deploy this solution.

What about the implementation team?

We completed the installation in-house. We did not use an integrator or reseller.

What other advice do I have?

I would rate Cisco Secure Firewall Management Center an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.