Coming October 25: PeerSpot Awards will be announced! Learn more
Guillermo  Fernandez - PeerSpot reviewer
Security Consultant at IKUSI
MSP
Top 20
Good integration with helpful technical support and very good administration capabilities
Pros and Cons
  • "The solution offers very easy configurations."
  • "The initial setup can be a bit complex for those unfamiliar with the solution."

What is our primary use case?

I often work with financial sector companies such as banks as well as retail organizations.

What is most valuable?

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

What needs improvement?

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

For how long have I used the solution?

We've used the solution recently. We've used it at least over the last 12 months or so.

Buyer's Guide
Cisco Firepower NGFW Firewall
September 2022
Learn what your peers think about Cisco Firepower NGFW Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

What do I think about the scalability of the solution?

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

How are customer service and support?

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

Which solution did I use previously and why did I switch?

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

How was the initial setup?

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

What other advice do I have?

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security admin at a wholesaler/distributor with 10,001+ employees
Real User
Used to protect systems against various methods of intrusion
Pros and Cons
  • "This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization."
  • "The application detection feature of this solution could be improved as well as its integration with other solutions."

What is our primary use case?

This solution is a next-generation firewall. We use it to inspect our traffic going through the internet edges. This solution blocks Tor nodes or botnets that try to invade the system using various methods for intrusion. 

How has it helped my organization?

This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization. We can complete a layer 7 inspection and take a deep dive into the packets and block the traffic accordingly.

It took approximately six months to a year to realize the benefits of deploying this solution. It's an arduous process that is still ongoing.

What is most valuable?

This tool offers great value with regard to cyber security due to its integration with different tools like Splunk and other cloud-based solutions.

Within an application, you can block traffic at a granular level instead of relying on HTTPS traffic.

What needs improvement?

The application detection feature of this solution could be improved as well as its integration with other solutions. 

For how long have I used the solution?

I have been using this solution for five years. 

What do I think about the stability of the solution?

There is room for improvement when it comes to stability. We have encountered a lot of bugs using this solution.

What do I think about the scalability of the solution?

This is a scalable solution. 

How are customer service and support?

I would rate the customer support for this solution an eight out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Check Point. We had an option to connect all of our security products from the endpoint to the firewalls to SASE-based solutions. This is why we changed solutions.

How was the initial setup?

The initial setup is straightforward because it is supported by good documentation. We did not experience many issues and deployment took a couple of months.

We first deployed the solution in monitoring mode before moving into protection mode. We required four or five engineers for this. It takes a lot of time to do any maintenance or upgrades. This is one of my key pain points for this product.

Maintenance requires two people; one to focus on the upgrade and one to monitor the traffic.

What was our ROI?

We have experienced a return on investment in terms of security that has added value. 

What's my experience with pricing, setup cost, and licensing?

This solution offers smart licensing that is comparable to other solutions on the market. 

What other advice do I have?

I would rate this solution a seven out of ten. 

There are multiple data planes that run within this solution. My advice is to unify those data planes into a single data plane, so that traffic is sectioned and can be handled effectively. If you need a next-generation firewall, this is a good product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Cisco Firepower NGFW Firewall
September 2022
Learn what your peers think about Cisco Firepower NGFW Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Senior Solutions Consultant at a comms service provider with 10,001+ employees
Consultant
Top 20
Stable with a straightforward setup and good overall features
Pros and Cons
  • "The implementation is pretty straightforward."
  • "In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."

What is our primary use case?

The solution is primarily used for protecting the environment, or the cloud environments for our customers.

What is most valuable?

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

What needs improvement?

The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution. 

It would always be helpful if the pricing was improved upon a bit.

In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.

For how long have I used the solution?

We've been using the solution for about five or more years at this point.

What do I think about the stability of the solution?

The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.

What do I think about the scalability of the solution?

The solution can scale quite well. A company that needs to expand it can do so easily.

In our case, we have clients with anywhere between 1,000 and 10,000 users.

How are customer service and technical support?

We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.

Which solution did I use previously and why did I switch?

I also have experience with Fortinet and Check Point.

How was the initial setup?

The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.

Typically, the deployment takes about two days to complete.

In terms of maintenance, we have about five people, who are engineers, who can handle the job.

What about the implementation team?

We deliver the solution to our customers.

What's my experience with pricing, setup cost, and licensing?

You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.

What other advice do I have?

We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.

We always provide the latest version of the solution to our clients.

Typically, we use both cloud and on-premises deployment models.

I'd recommend the solution to others. It's quite good.

On a scale from one to ten, I would rate it at an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Imran Rashid - PeerSpot reviewer
IT/Solutions Architect at a financial services firm with self employed
Real User
A reliable next-generation firewall solution with good support
Pros and Cons
  • "I like that Cisco Firepower NGFW Firewall is reliable. Support is also good."
  • "We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."

What is our primary use case?

In the new design, I put Cisco Firepower NGFW Firewall as a LAN segment and as the data center firewall. In the old design, I just used FortiGate Firewall for configurations, and we are going to replace it. The complete solution will be replaced with a two-tiered data center.

What is most valuable?

I like that Cisco Firepower NGFW Firewall is reliable. Support is also good. 

What needs improvement?

We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for about 11 years. 

What do I think about the stability of the solution?

Cisco Firepower NGFW Firewall is a stable solution. 

What do I think about the scalability of the solution?

Scalability is good, but just like the issue with Palo Alto and Fortigate, there is also an issue with Cisco Firepower NGFW Firewall. I can configure it easily because of my Cisco background, but others in my team aren't comfortable with it.

How are customer service and support?

Technical support is good. They were both fast and reliable and quick in making decisions. We faced specific issues, and tech support was efficient and provided an immediate solution. Other firewall vendors are slow to respond, and I'm not satisfied. It's also easy to Google and find solutions to our problems. We can't do that for other firewalls.

On a scale from one to five, I would give technical support a five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used FortiGate Firewall, but we are replacing it with Cisco Firepower NGFW Firewall because we had issues with HP solutions. We also switched because I am Cisco certified, and my background and expertise are in Cisco.

How was the initial setup?

The initial setup was straightforward. 

What was our ROI?

We have seen a return on our investment. 

What other advice do I have?

I will tell potential users that the data center firewall is a good solution. But most of the companies are using other firewalls like Palo Alto and FortiGate. Most of the design architects prefer the parameters of the firewalls like we prefer the data center firewall.

On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Cassio Maciel - PeerSpot reviewer
Network Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Great for blocking attacks, best support, and very easy to use
Pros and Cons
  • "The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
  • "Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."

What is our primary use case?

I use it to protect my DMZ from external attacks.

How has it helped my organization?

Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.

What is most valuable?

The Adversity Malware Protection (AMP) feature is the most valuable. 

It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.

What needs improvement?

Its interface is sometimes is a little bit slow, and it can be improved.

When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. 

In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.

For how long have I used the solution?

I have been using Cisco Firepower for two years.

What do I think about the scalability of the solution?

We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.

We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports. 

How are customer service and technical support?

We have used their technical support. They are amazing. Cisco's technical support is the best.

Which solution did I use previously and why did I switch?

We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.

How was the initial setup?

The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.

What about the implementation team?

We used our reseller and contractor to deploy Cisco Firepower. They were good.

What other advice do I have?

I would recommend this solution. I would rate Cisco Firepower a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Network Security Manager at a tech vendor with 10,001+ employees
Real User
Provides stability and ease of firewall management
Pros and Cons
  • "Firepower has reduced our firewall operational costs by about 25 percent."
  • "One of my colleagues is using the firewall as an IPS, but he is worried about Firepower's performance... With the 10 Gb devices, when it gets to 5 Gbps, the CPU usage goes up a lot and he cannot manage the IPS."

What is our primary use case?

This product protects our computer systems. I use it as a traditional firewall service. I don't have any special use cases for it.

How has it helped my organization?

Firepower has reduced our firewall operational costs by about 25 percent.

What needs improvement?

Sometimes there is a lack of performance. One of my colleagues is using the firewall as an IPS, but he is worried about Firepower's performance. It is much lower than we expected. They need to improve the performance a lot. With the 10 Gb devices, when it gets to 5 Gbps, the CPU usage goes up a lot and he cannot manage the IPS.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for more than two years.

What do I think about the stability of the solution?

The most valuable property is the stability. It doesn't crash.

How are customer service and support?

When I have had issues with the software, I don't think they have given me the right answers. The support for the software isn't that good, but support for the hardware is very good.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Although I work in Korea, I needed a means of deploying computer systems in other countries. Two or three years ago I was looking for a proper solution that would cover global sites. I chose Cisco products because Cisco has a very large presence all over the world.

How was the initial setup?

Once I got used to this product, it was easy to use other products, but it was not easy for me the first time.

What's my experience with pricing, setup cost, and licensing?

Firepower is a little bit expensive, although there are no additional costs beyond the standard ones.

Which other solutions did I evaluate?

We have several brands of firewalls in our organization. Compared to them, the ease of management of the Cisco firewalls is pretty good.

What other advice do I have?

When you calculate the capacity you need, you should add a buffer for performance.

There are 25 users of the solution on my team and they are all network security specialists.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Gyaneshwar Upadhyay - PeerSpot reviewer
Senior Network Engineer at BCD Travel
Real User
Top 10
User friendly and easy to use GUI, but stability and scalability need improvement
Pros and Cons
  • "If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
  • "We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."

What is our primary use case?

We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.

What is most valuable?

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

What needs improvement?

We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for approximately three years.

What do I think about the stability of the solution?

The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.

What do I think about the scalability of the solution?

There is room for improvement in the scalability of this solution.

How are customer service and technical support?

I was satisfied with the support we received.

How was the initial setup?

When I did the installation three or four years ago it was challenging. 

What's my experience with pricing, setup cost, and licensing?

This solution is expensive and other solutions, such as FortiGate, are cheaper.

Which other solutions did I evaluate?

I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.

What other advice do I have?

I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system. 

I would recommend everyone to use this solution.

I rate Cisco Firepower NGFW Firewall a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AliTadir - PeerSpot reviewer
Owner at Nexgen IT Solutions
Reseller
Helps protect servers from hackers but doesn't have all the next-generation features we need
Pros and Cons
  • "The most valuable feature is the Intrusion Prevention System."
  • "Most of the features don't work well, and some features are missing as well."

What is our primary use case?

We use it as a next-generation firewall for the perimeter. I generally use it on-premises.

How has it helped my organization?

It helps protect my servers from hackers.

What is most valuable?

The most valuable feature is the Intrusion Prevention System.

What needs improvement?

Most of the features don't work well, and some features are missing as well. The completeness of the solution is most important for me. It should be complete, but some parts are missing. Cisco should improve it.

Every part of the features should be developed. That includes the next-generation firewall parts, such as application recognition.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewalls for about five years. I am an integrator and reseller of multiple vendors' products.

What do I think about the stability of the solution?

The stability is getting better day by day, but I would expect a more stable solution, to be honest. It is stable now, but we have solutions that are more stable.

How are customer service and support?

Technical support is nice, but most of the limitations or problems are caused by the product itself. There's nothing that a technical engineer can do about them.

What's my experience with pricing, setup cost, and licensing?

The licensing package is good, but the licensing fee should be decreased.

Which other solutions did I evaluate?

I have used CheckPoint, Palo Alto, Juniper, and FortiGate. The Palo Alto solution is complete. 

If I choose Cisco Firepower it is mostly because of its integration with other solutions. When the customer has several Cisco solutions, I put Cisco Firepower on top of them. But if the customer has a complex environment, I generally prefer other solutions.

What other advice do I have?

For specific needs, like VPN, you can use Cisco Firepower. But our expectation is for a next-generation Firewall or UTM solution that includes all the features. I cannot recommend Firepower to others, at the moment, as a unified threat management solution.

Generally, if the customer's number of users is greater than 100, that's when the Cisco solution is more likely to be effective.

Maintenance of the solution requires one or two people.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cisco Firepower NGFW Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco Firepower NGFW Firewall Report and get advice and tips from experienced pros sharing their opinions.