We changed our name from IT Central Station: Here's why
Information Security and Compliance Manager at RSwitch
Real User
Top 10
Gives us a central point for applying rule changes, rather than logging in to each device
Pros and Cons
  • "Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
  • "We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."

What is our primary use case?

We are a payment switch and we deal with cardholder data and information. Our primary goal is to ensure the security of customers' payment data, that they are protected.

Our security maturity is now at a good level compared to the past. To be accepted to drive Visa and Mastercard, you have to pass security assessment audits and we have managed to pass all of them now, for some years.

Apart from our firewall, we have three security tools. We have a NAC, we have a SIEM, and our syslogs.

How has it helped my organization?

It's easy now because we have many Cisco devices in a central point. We don't need to log in to each device and apply rules to them. We can do it from the management control and apply them to the specific firewalls that we want to apply them to.

In addition, compared to our previous firewall solution, the security is much better. Through our monitoring, we now see all the information that we require on security, in terms of PCI. We can see exactly what is happening in our environment. We know what is going, what is going in and out. If an incident happens, it provides a notification so that we can do an analysis.

What is most valuable?

Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.

Another important feature for us is user access. Now, we can base access on rules and specify that this or that user has privilege on the NG firewall. That was not available before. 

The IDS also makes it easy to detect abnormal traffic. When it sees such traffic in the environment, it sends a notification.

For how long have I used the solution?

We have been using Cisco Firepower NGFW Firewall for about two months.

What do I think about the stability of the solution?

The solution is stable. It's not hanging. With the firewalls from Cisco we are not facing a situation where devices are hanging because of too much traffic.

What do I think about the scalability of the solution?

The scalability is fine.

How are customer service and support?

We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.

Which solution did I use previously and why did I switch?

We migrated from Cisco AC520 to the Cisco NGFW. We have also used HPE and IBM switches, as well as FortiGate firewalls. We are now completely Cisco.

Previously, we were also using AlienVault and it was easy to integrate with Cisco devices.

How was the initial setup?

The initial setup is 50/50, between straightforward and complex. Migrating from Cisco to another Cisco product is okay, but migrating to Cisco from other network devices, like an IBM switch, is a bit tricky. You can't test the configuration to see if it's the same as what you're going to. But we managed with support from Cisco.

It took a month to complete the deployment.

Our implementation strategy was based on not upgrading everything at the same time. It was phased. We deployed a specific device and then we monitored everything to make sure everything looked okay, and then we moved on to the next one.

It requires a minimum of two people for deployment and maintenance, from our network and security teams.

What about the implementation team?

We used internal resources with support from Cisco.

What was our ROI?

We have gotten exactly what we're looking for, based on the company's requirements.

What's my experience with pricing, setup cost, and licensing?

The pricing is high.

Which other solutions did I evaluate?

Cisco NGFW's ability to provide visibility into threats is good compared to other solutions. The visibility is quite impressive and gives us what we're looking for, based on our security requirements.

What other advice do I have?

The scalability, the performance of the devices, the features, and the support, when looking at them combined, make the product a nine out 10.

We're planning the deployment of Cisco ISE soon, to be like our NAC.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Rifat Hyseni
Director of Information Technology at a government with 501-1,000 employees
Real User
Top 20
Provides us with application visibility and control
Pros and Cons
  • "When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
  • "The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."

What is our primary use case?

We are a large company in the country in which we operate. We are a government agency dealing with taxes and we provide services for all taxpayers within the country. We have services for internal users, as well as services for public users. The main reason we use these firewalls is to protect our environment and to provide our services efficiently so that we are up and running 24/7.

Our solution is deployed in a private cloud. Everything is hosted in our environment and provided as cloud services. We are in the process of moving our infrastructure from the previous environment to the new environment where Cisco firewalls are installed.

In terms of our security maturity as an organization, we are young. In fact, we are young as a country. We have been providing electronic services for more than 10 years for our clients. We have a huge number of clients, with over 120,000 users who subscribe to our system and who access our services on a daily basis or, at a minimum, three to four times per year.

We use a few tools for security in terms of management, both internal and external, but we are mainly relying on Cisco. Our network is based on Cisco, and we also protect our mail system with Cisco. Previously, and in parallel, we used Sophos next-generation firewalls.

What is most valuable?

The solution provides us with application visibility and control and, at this stage, we are happy with it. Similarly, we are very happy with Cisco Firepower Management Center. We're still at an early stage, but we haven't seen any problems with the Cisco products. We are still switching on features and looking at how they are working.

When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.

We also believe that Cisco is updated about all security issues and threats and efficient enough to provide us with the features and protection we need.

For how long have I used the solution?

We just installed them recently. We started installation at the end of 2020 and we completed it this month, April 2021.

What do I think about the stability of the solution?

It's still early, but we believe the stability is alright.

What do I think about the scalability of the solution?

The scalability of the solution is better than the other firewalls we have, due to technical features. Our technicians have realized that this is much more scalable compared to other solutions.

How are customer service and technical support?

So far, the technical support has been excellent.

How was the initial setup?

The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.

We did a proper implementation plan according to the complexity of our network and our requirements. Then we used the best method for implementing it while mitigating our risks and meeting our requirements. We found a good way to implement it.

The setup took us two calendar months, but in terms of the actual time required to configure it, it was not so long. The setup took approximately as long as for other firewalls we have used.

What was our ROI?

It's hard to talk about ROI when it comes to security, but security now is expensive. You have to pay for it.

What's my experience with pricing, setup cost, and licensing?

For us, the pricing was more economical than other products we used. There were no extra costs.

Which other solutions did I evaluate?

We evaluated a lot of the providers: Juniper, Palo Alto, Check Point, and Fortinet. Our technical team really researched things for a considerable amount of time, and they came up with a decision that this would be the best.

Cisco was chosen because there were many features according to assessments made by other users and as noted in technical data sheets we looked at during the research. They came up with a few features which are better than what other products have. 

Also, especially when you have been a long-time user of Cisco products and services, we found that from a budget perspective it was going to be much more preferable than the others.

What other advice do I have?

We are very satisfied with the service and the product. I don't think that any product would be better than Cisco when it comes to next-generation firewalls.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Cisco Firepower NGFW Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,148 professionals have used our research since 2012.
Senior Systems Engineer at a tech services company with 201-500 employees
Real User
Helpful in creating policies for fast-changing environments and provides good visibility and protection
Pros and Cons
  • "Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
  • "The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."

What is our primary use case?

We use it to segment the east and the west traffic in our data center. We also use it on the internet edge and for VPN termination.

We use its multiple versions. We use the virtual and the physical ones. We have multiple Cisco Firepower 9300, and we also have a few Cisco Firepower 4100.

How has it helped my organization?

It helps in protecting against threats from outside and within our data center. With the enhancement in the newest version 7.0, visibility is where we always wanted it to be. The introduction of the Unified Events feature really helps us out daily.

It enables us to implement dynamic policies for dynamic environments. With the recently added Dynamic Attributes feature, we are able to create more dynamic and fast-changing policies. In our data center, workloads tend to go up and down very quickly, and that's why dynamic policies are important. Because the workloads in our data center are fast-moving, we need to be able to change our firewall policy accordingly and quickly. That's what makes it a very important feature for us.

Snort 3 IPS allows us to maintain performance while running more rules. Our performance has
definitely increased after migrating to Snort 3. Rules are easier to implement. We also like the underlying antivirus advancements that they made with the new architecture, which increases its benefit for us.

What is most valuable?

The VPN and the login enhancements that were introduced in version 7.0 are invaluable to us. That was something that was missing before. 

Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.

It is good in terms of the overall ease to use in managing it. Some of the things need some tuning, but overall, it is good.

What needs improvement?

The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.

For how long have I used the solution?

I have been using this solution for about six years.

What do I think about the stability of the solution?

Its stability is quite good. We couldn't find any issues.

What do I think about the scalability of the solution?

Its scalability is very good due to clustering. 

In terms of our plans to increase its usage, it has everything we need. We don't plan to add anything more because it has all that we need as of now.

How are customer service and technical support?

Their support is not perfect. Sometimes, you get the feeling that some of the support engineers don't have a deep knowledge of the product, but there are some engineers who are able to help.

Which solution did I use previously and why did I switch?

Most of our clients were on Cisco ASA.

How was the initial setup?

I wouldn't call it extremely straightforward, but I wouldn't call it complex either. Its deployment took about a day.

In terms of the deployment strategy, we create our deployment plans for ourselves and our customers. The deployment plan depends on the environment.

What about the implementation team?

We deploy it ourselves.

What was our ROI?

It is very hard to say because we don't measure that. It is also very difficult to measure if it has helped in reducing our firewall operational costs.

What's my experience with pricing, setup cost, and licensing?

Its pricing is good and competitive. There is a maintenance cost.

It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.

What other advice do I have?

Technically, it is a very good firewall, but some improvements need to be done on the management side. I would advise getting a consultant or someone from Cisco to help you in implementing and using this firewall to its fullest extent.

We don't use workload integration as of now. We also don't use its dynamic policy capabilities to enable tight integration with a secure workload at the application workload level. Similarly, we don't use the solution's tags for VMware, AWS, or Azure for dynamic policies implementation in the cloud.

I would rate Cisco Firepower NGFW Firewall an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Cesar Beut
Networking Specialist at a healthcare company with 1,001-5,000 employees
Real User
Top 5
Blocks attacks by providing a security barrier
Pros and Cons
  • "I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
  • "The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."

What is our primary use case?

We use it to configure the perimeter firewalls. In FireSIGHT, we have two firewalls in a cluster with high ability, then we have five firewalls in Offices. We use those firewalls as a perimeter for Offices.

We have all the devices in the Firepower Management Center system. We always work with Firepower devices in Firepower Management Center.

We have offices around the world. We are in Europe, the USA, and South America.

How has it helped my organization?

We have border security with Firepower. We try to curb security issues by using this Firepower firewall.

What is most valuable?

The solution provides us with good working application visibility and control.

I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.

What needs improvement?

The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.

Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve. 

For how long have I used the solution?

I have been using it for three years.

What do I think about the stability of the solution?

We have five devices. In Rome, we don't have a technician and didn't work when we started using it. We had to send a technician to Rome to reboot the system. Now, it is stable with no problems. Also, we lost the link to the high availability firewall in our data center. We only had one device there, and Solutel had to solve this issue.

What do I think about the scalability of the solution?

The scalability is great.

We have five devices in four locations.

Three network administrators who work with Firepower, including myself.

How are customer service and technical support?

I usually create an issue with Solutel, then they create a case with Cisco Talos or the Cisco technicians. I am happy with Solutel's support.

How was the initial setup?

We deployed in several cities, but not the same day. 

What about the implementation team?

The initial deployment was done by a Cisco partner, Solutel. Our experience with Solutel was fantastic. They are local partners for us and provided us with great service.

What was our ROI?

We realized that clearly we have issues of security with a lot of attacks. I don't know if it is because with the COVID-19 virus a lot of hackers are at home or working more hours. In the last year, we have seen attacks that are very big, and we need a barrier. So, we use a firewall to block these attacks.

What's my experience with pricing, setup cost, and licensing?

The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.

Our license for Firepower is their best license.

Which other solutions did I evaluate?

We have FortiGate firewalls, the security of Office 365 from Microsoft, Cisco Umbrella, and Kaspersky Anti-virus. We are also using Cisco ASA, Meraki switches, and a router from Cisco.

The Firepower Management Center tool is very slow. We also have the FortiGate firewalls and these tools for configuring the firewall are faster.

We have to make a change to our devices in South America. We are currently evaluating Cisco Firepower Series 1000 versus FortiGate. Firepower is more powerful than FortiGate, but FortiGate is more flexible and easier to configure. Because of our last issues with Firepower, it is possible that FortiGate is more stable.

What other advice do I have?

It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.

We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.

I would rate this solution as an eight (out of 10).

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Javed Hashmi
Chief Technology Officer at Future Point Technologies
Real User
Top 5
Provides excellent integrations and reporting
Pros and Cons
  • "Provides good integrations and reporting."
  • "Deploying configurations takes longer than it should."

What is our primary use case?

Our primary use case is as a data center firewall for internet firewalls and also as a VPN concentrator. I'm the chief technology officer and we are partners of Cisco. 

What is most valuable?

In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use FortiAnalyzer as a separate reporting module for Fortinet, but here the reporting is good.

What needs improvement?

There needs to be an improvement in the time it takes to deploy the configurations. It normally takes two to four minutes and they need to reduce this. The deployment for any configuration should be minimal. It's possibly improved on the very latest version. 

An additional feature I would like to have in Firepower would be for them to give us the data from the firewall - Cisco is probably working on that. 

For how long have I used the solution?

I've been using this solution for close to five years. 

What do I think about the scalability of the solution?

The scalability is very good. 

How are customer service and technical support?

We generally provide support but if we're not able to resolve an issue, we escalate it to Cisco and they're great. They are one of the best support services I've used and it's one of the reasons Cisco is doing so well in the market. 

Which solution did I use previously and why did I switch?

I also work with Fortinet and Palo Alto. Fortinet is also a really good product but Cisco is a leader in next generation firewalls and now that they are catching up to Fortinet, they have provided a lot of features and flexibility. I personally see Cisco as being good for large enterprise companies and Fortinet is better for families as well as small and medium size businesses. When it comes to Palo Alto, the high price point is one thing that is an issue, some companies are unable to afford it. Palo Alto is good but Cisco is catching up to them and I believe in a year or two, Cisco will probably match Palo Alto as well and be much better. 

How was the initial setup?

The initial setup is not too complex, but as with Fortinet, they have some detailed steps required which adds to the flexibility also. With flexibility comes a bit of complexity, but it's not too bad. Deployment time takes a few minutes. I am responsible for implementation and maintenance for our clients. We were previously deploying only for medium or large enterprise companies but Cisco has come up with the 1000 and 1100 series firewalls for smaller companies which is pretty good. They're a cost-effective solution and competitive in the market. 

What's my experience with pricing, setup cost, and licensing?

Cisco falls somewhere in the middle in terms of pricing, it's not very expensive and it's not very cheap. There is an additional accessory fee associated with Cisco but normally they have a separate subscription cost for different types of security to protect the firewall. There are separate bundles available inside the pricing and that's probably true for all of the firewalls. 

What other advice do I have?

Cisco is a large, good and reliable firewall. They are working on advanced features and catching up with the leaders in the market. I believe that's a score for them. A yearly subscription is cheaper than Palo Alto and Fortinet offer. They provide good support and once it's loaded, it doesn't give a lot of problems, that's very important.

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Lead Network Engineer at a government with 1,001-5,000 employees
Real User
Top 20
Stable and scalable with very responsive technical support
Pros and Cons
  • "It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
  • "They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."

What is our primary use case?

The way we've installed Firepower was for the migration process. For example, there was a data center consolidation, and therefore we had to move everything. We offer data center products to our customers across VPN funnels. We had to move away from older ASAs, so it's a lift and shift. We move older ASAs, which were dispersed in many sites, and we consolidated a couple of services in a single site. Firepower was left there in place. I came in and I took over the administration duties, and now I'm trying to put everything together in a way that it makes sense.

With Firepower, they have better hardware. It's fitted for more throughput, more load. I'm trying to centralize service delivery on this high-availability pair and move all the remote access to Firepower. Then, it's all part of a transition process from a hybrid cloud to a full cloud deployment on a cloud provider. It's mostly just a necessary pain, until we move away from our on-prem deployments. Currently, I'm working with Azure, etc. and I try to look at the main design of the whole process, even though it's going to take two years. 

COVID has also made everything very, very slow for us as we try to move away from our initial plan.

What is most valuable?

The 2100 models are extremely useful for us.

It's got the capabilities of amassing a lot of throughput with remote access and VPNs. 

What needs improvement?

They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.

For how long have I used the solution?

We've been using the solution for about a year.

What do I think about the stability of the solution?

The solution is pretty solid in terms of stability, however, I prefer Palo Alto. For the enterprise world, it's better to have Palo Alto. For the service provider field, Firepower is quite well suited, I'd say. That said, Palo Alto, is definitely the enterprise way to go. For a smaller deployment, you can also go with FortiGate. It's simple, however, it works for smaller offices.

What do I think about the scalability of the solution?

The scalability of the product is pretty good. If you need to expand it, you can do so with relative ease.

How are customer service and technical support?

The technical support is amazing. They do reply quickly, and often within an hour. It's been great. I've worked at Cisco before, however, with the type of contract we are in, I find it super fast right now. We're quite satisfied with the level of support.

What's my experience with pricing, setup cost, and licensing?

I don't have any knowledge as to what the product costs. It's not part of the business I deal with.

Palo Alto, it's my understanding, is a little more expensive, however, it depends on the users and on the design. It always depends on the contract

What other advice do I have?

We're just customers. We don't have a business relationship with Cisco.

It's a solid, reliable product, however, if it's right for a company depends on the use case and the size of the organization. For a startup, this might not be a suitable option.

Overall, I'd rate this solution nine out of ten. As a comparison, if I was rating Palo Alto, I would give it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sikander Ali
IT Infrastructure Engineer at Atlas Group
Real User
Top 20
Meets my requirements regarding VPN, perimeter protection, and applications
Pros and Cons
  • "One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
  • "One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."

What is our primary use case?

I protect my two servers with the help of Firepower. Both servers are connected to the Firepower and I monitor the traffic to both servers with it. I block traffic from all countries except the USA, for security purposes.

How has it helped my organization?

It meets my requirements regarding VPN, perimeter protection, and applications. I'm comfortable with what Firepower does for me. Firepower is the only security product deployed in my organization.

The Talos team is very expert and does a good job. It is a great achievement by Cisco for Firepower. It analyzes all the websites and viruses that could create vulnerabilities. Talos helps us by providing major protection. They maintain everything and we don't need any other security appliances. In the future, we may go for an email security appliance, but right now Firepower is enough for us. Without the Talos team, the Firepower might not fulfill our requirements.

For example, if I receive an email and it has a potentially malicious link, I can enter the link in the Talos website and it will provide me with all the details about the website link in the email, including which country and IP it is from. I always try to cross-check any potentially malicious links with Talos. It tells me whether I am vulnerable or not.

What is most valuable?

One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.

It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.

We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.

What needs improvement?

One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box.

For how long have I used the solution?

I have been using Cisco Firepower for two years.

What do I think about the stability of the solution?

It's a very mature product and runs smoothly.

Which solution did I use previously and why did I switch?

Before the Firepower I was using a traditional firewall, the ASA 5510. We went to the Firepower because the 5510 did not have port security, anti-malware protection, or IDS/IPS.

I have seen a lot of events using the Firepower: vulnerability events, countries, and IPs. As a result, I feel I am secure when compared with other firewalls. With my previous firewall, I didn't have the option of blocking a country, website, or IP.

What other advice do I have?

I would advise using Firepower and not other products because other products do not have all the features available in Firepower.

We are looking to integrate with Cisco Umbrella next year and we will integrate our switches and Cisco Firepower with it.

It has been a good investment for my organization and I'm happy to be using it. All its features are good. It's a great firewall for a small business. But you really need to know what you are doing to get the most benefit from it. Overall, I don't think anybody can replace Firepower or Cisco.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ahasan Ahmed
Deputy Manager at Star Tech Engineering Ltd
Reseller
Automated policy application and enforcement free up time for us
Pros and Cons
  • "The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
  • "One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."

What is our primary use case?

We use it for malware and IPS.

How has it helped my organization?

The automated policy application and enforcement have freed up time for us, on the order of 30 percent.

Also if one Cisco antivirus implementation is the subject of an attack, all other Cisco implementations get that information rapidly, in real time. All the other firewalls are in sync when it comes to malware attacks, through the update of the database. That is good.

The visibility it provides into threats is good. Every day we find lots of malware attacks targeting our network, but they don't get through to the network.

What is most valuable?

The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.

Cisco Talos is well known around the world and everyone trusts Talos for malware intelligence. It is number one. It is also the most secure for Snort rules. It is more secure than others because its real-time analysis is better.

In addition, Firepower Management Center is helpful. 

We also use Cisco ISE and the integration between it and Firepower is okay.

For how long have I used the solution?

I've been using Cisco Firepower NGFW Firewall for four or five years.

What do I think about the stability of the solution?

It's a stable product.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

Their technical support is good. When my NOC or my engineers have needed support the feedback I've had is that tech support has been good at critical moments. They have given us good service.

How was the initial setup?

There was no issue with the initial setup. It's straightforward because Cisco gives us lots of documentation. It's not a big deal, for me. In four or five years I have deployed 35 to 40 Firepowers for financial organizations and corporate offices.

Which other solutions did I evaluate?

We also use Palo Alto, Fortinet, Sophos, and Check Point.

One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.

The other issue is the upgrading process, with Cisco. Sometimes, if we use a standalone device we need to create maintenance windows at that time and we need to restart Firepower. But with other vendors, like Palo Alto, there is no need to update in that way.

If they mitigated these two things, Cisco would be number-one in the world in the security domain.

What other advice do I have?

We have not integrated Firepower with Cisco SecureX because it needs IOS 6.6. It's a limitation. If we have an external device, we would need downtime and in a financial organization, management will not allow us the downtime.

In my experience, the deployment procedure with Cisco is not the easiest, it's not plug-and-play. I hope that Cisco will give us that type of implementation.

Overall, I would rate Firepower at eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco Firepower NGFW Firewall Report and get advice and tips from experienced pros sharing their opinions.