We performed a comparison between Cisco Defense Orchestrator and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"This product provides excellent centralized device controls and reporting."
"The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"The most valuable feature is the Intrusion prevention."
"If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing."
"Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall."
"It is very stable."
"We use Tufin to clean up our firewall policies. This makes it a lot easier to find out the things that are wrong."
"We were hit by the NotPetya attack. Therefore, our whole company and all its sites were down for several months. So, you don't have an attack like that and not need something like Tufin. Other companies can prevent these attacks, or at least slow them down, by having this type of a tool. We will never go back."
"Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers."
"It has allowed us to be more efficient in our processing of firewall requests."
"It's hard to pick the most valuable feature. All of them are valuable, they're all critical for us... ChangeTrack obviously has a lot of very good features, like the risk analysis, the USP, and the Policy Browser."
"Our engineers save quite a bit of time that was previously spent on manual processes."
"It would be a better product if it incorporated device control for third-party products easily."
"They can centralize all products and provide a correlation about an incident and the response. They can also provide an on-premises solution. Currently, Cisco Defense Orchestrator is just for cloud deployments, not for on-premises deployments. Customers have to manage it on the cloud. We are based in Vietnam, and most of the customers here prefer to have on-premises deployments. Customers, especially from banking and government sectors, do not prefer to do anything on the cloud. Some of the small enterprises use the cloud."
"I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus."
"The dashboard needs to be more customizable to provide better reporting for our network."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"It should have more features to manage FirePOWER appliances."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"The metrics need improvement. They need more consistency or understanding of automation, along lines of customization of automation."
"There are things that could be explained a little better for somebody brand new to this system, which could be helpful, especially if it was in real-time while you were working in the system. Having the ability in real-time to be able to understand search query suggestions would be helpful."
"The firewall management is complex for beginners."
"In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network."
"The two main negative points with Tufin Orca are the absence of full support and that accommodation of files and tools is not provided in a good way."
"They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint."
"It would be better if they modernized the web GUI. The web interface GUI is simple and not complicated, but it's also too old."
"The GUI is limited with respect to how much you can develop and visualize the process."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama and Azure Firewall Manager, whereas Tufin Orchestration Suite is most compared with AlgoSec, FireMon Security Manager, Skybox Security Suite, Palo Alto Networks Panorama and Illumio.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.