We performed a comparison between Cisco Defense Orchestrator and FireMon Security Manager based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management.
"The most valuable feature is the Intrusion prevention."
"The ability to see the uptimes on the different VPNs that we have configured for site-to-site."
"The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"The bulk changes feature is definitely the most valuable."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"The firewall assessment feature is great."
"The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, headcounts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule."
"The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."
"The most valuable features are Policy Optimizer and Firewall Manager for different brands of firewall."
"The unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees... The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used."
"What I like about FireMon is the ability to track changes made by network engineers on the network."
"For the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls."
"Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring."
"It would be a better product if it incorporated device control for third-party products easily."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us."
"I don't like that it comes with bugs, constant issues, and limited functionality."
"To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated."
"Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release."
"The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing."
"One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was."
"I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did."
"FireMon could be made more user-friendly when it comes to creating filters or conducting traffic analysis."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while FireMon Security Manager is ranked 4th in Firewall Security Management with 53 reviews. Cisco Defense Orchestrator is rated 8.2, while FireMon Security Manager is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama, Tufin Orchestration Suite, Azure Firewall Manager and Cisco Secure Firewall Management Center, whereas FireMon Security Manager is most compared with Tufin Orchestration Suite, AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama and ManageEngine Firewall Analyzer.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
