We performed a comparison between Cisco Defense Orchestrator and FireMon Security Manager based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."The most valuable feature is the Intrusion prevention."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"This product provides excellent centralized device controls and reporting."
"For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product."
"The bulk changes feature is definitely the most valuable."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"Cisco Defense Orchestrator has useful guides for the steps that need to follow by users."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"What I like about FireMon is the ability to track changes made by network engineers on the network."
"The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries."
"In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level."
"Policy test, access path analysis, and change reports."
"The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,"
"Vendor agnostic when it comes to integrating with other product."
"It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
"The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"The dashboard needs to be more customizable to provide better reporting for our network."
"I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"They need to work on the user interface. It needs to be improved to make it more user-friendly."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."
"The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement."
"The advanced features are complex in setting up the rules."
"One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was."
"We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually."
"The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly."
"I don't like that it comes with bugs, constant issues, and limited functionality."
"Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while FireMon Security Manager is ranked 4th in Firewall Security Management with 52 reviews. Cisco Defense Orchestrator is rated 8.2, while FireMon Security Manager is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". Cisco Defense Orchestrator is most compared with Tufin Orchestration Suite, AlgoSec, Palo Alto Networks Panorama and Azure Firewall Manager, whereas FireMon Security Manager is most compared with Tufin Orchestration Suite, AlgoSec, Skybox Security Suite and Palo Alto Networks Panorama.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.