IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
June 2022
Get our free report covering Fortinet, Check Point, Zscaler, and other competitors of Palo Alto Networks URL Filtering with PAN-DB. Updated: June 2022.
610,812 professionals have used our research since 2012.

Read reviews of Palo Alto Networks URL Filtering with PAN-DB alternatives and competitors

TonyMoore - PeerSpot reviewer
President at www.virtualtechsolutionsusa.com
Real User
Top 5Leaderboard
Prevent unauthorized use of network resources and integrate branch offices with reliability
Pros and Cons
  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

How has it helped my organization?

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

What is most valuable?

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

What needs improvement?

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

For how long have I used the solution?

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

What do I think about the stability of the solution?

Cisco IOS Security is stable, very stable.  

What do I think about the scalability of the solution?

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

How are customer service and technical support?

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

Which solution did I use previously and why did I switch?

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

How was the initial setup?

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Greg Tate - PeerSpot reviewer
Information Technology Operations Manager at a tech services company with 51-200 employees
User
Top 20
Great for detection and access with the capabilities of defining specific rules
Pros and Cons
  • "We are able to define our own rules for detection."
  • "Support is the biggest area for improvement."

What is our primary use case?

We wanted a more robust solution for controlling access to our cloud environments (AWS and Azure). In addition, we wanted our control to be cloud-based. 

Our thought was to find a solution to aid us in being proactive as well as reactive. We have multiple environments in multiple clouds with some areas having delegated administration. The solution we needed was one to reduce the need for administrative headcount to continuously review any misconfiguration. Beyond that we were looking to find a solution for SASE.

How has it helped my organization?

The product has allowed us to proactively mitigate any network access misconfiguration resulting from delegation. 

We didn't have to hire an additional network administration resource to focus on detecting any misconfigurations. Dome 9 has assisted through the pre-canned compliance templates. 

We are able to define our own rules for detection. 

In addition to the Harmony Connect Endpoint bundled VPN, the Harmony Connect SASE is continuing to reduce reliance on traditional VPN to the point we will likely discontinue the use of the bundled VPN.

What is most valuable?

In terms of valuable features, it's hard to choose one. Dome9 and Harmony Connect have both been great in detecting and solving access issues.

As mentioned elsewhere in this review, the Harmony Connect SASE has been extremely valuable in improving our security posture and moving us to a zero-trust mindset (organizationally speaking).

Also, as mentioned, Dome9 has paid for itself through the cost savings of additional headcount. If we didn't have Dome 9, we would keep an additional headcount for the single purpose of detecting network changes within the environment. 

What needs improvement?

Support is the biggest area for improvement. Check Point is responsive, however, their support agents seem to be very siloed in their ability and/or product knowledge. It takes time and escalation to get through most tickets as they are passed from one group to another and then back again. We are able to navigate our support issues with the aid of our account team, so I want to underscore that support is indeed responsive. However, the processes support techs have to follow seem to be the root cause of the support response issues. 

For how long have I used the solution?

I've used the solution for two years.

What do I think about the stability of the solution?

This is where Check Point needs to get operations ironed out. Stable Check Point products are items that haven't been acquired recently. Recent acquisitions seem to lack cohesive functionality.

What do I think about the scalability of the solution?

From what we've encountered, scalability isn't an issue.

How are customer service and support?

Support seems siloed in knowledge, As a result, most support requests require additional management. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used a different solution, however, it was costly and didn't provide the same functionality.

How was the initial setup?

The setup was difficult given the number of products and the lack of a cohesive user experience.  

What about the implementation team?

We implemented the product in-house with the aid of support as part of a POC.

What was our ROI?

We noted ROI after one year.

What's my experience with pricing, setup cost, and licensing?

It seems, as with other services of this nature, opting-in on the bundled licensing is the best bet. I'd suggest looking at the Infinity Plan. 

Which other solutions did I evaluate?

We evaluated Cisco, Juniper, and Palo Alto.

What other advice do I have?

Make sure you have a good vibe from your sales team. They tend to support you in the long run. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ZhulienKeremedchiev - PeerSpot reviewer
Lead Network Security Engineer at TECHNOCORE LTD
Real User
Top 5
Flexible, scalable, and stable, but needs more intuitive interface
Pros and Cons
  • "In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected."
  • "Cisco can do better on their documentation because the product is really hard to understand."

What is our primary use case?

The solution works on a base set of rules to detect malicious traffic or certain exploits, which can be done from both the outside and inside network.

What is most valuable?

In the virtual deployment, you have a couple of choices depending on your needs and how much bandwidth you have that needs to be inspected. It is quite flexible because it can be deployed on the cloud as well. All the kinks which were in the previous versions were fixed.

What needs improvement?

I do not think that Cisco has official documentation regarding use cases. They can do better on their documentation because the product is really hard to understand. You need a lot of time to change around things to understand how it works exactly and fine-tune it. If they make it less complicated, I think it will really help all the customers.

They could make the user interface of the management center more user friendly and customizable in the next release. I think they can take some pointers from Palo Alto because their user interface is really intuitive and really customizable.

For how long have I used the solution?

I have been using the solution for approximately five years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable. The management center, which controls the sensors, you can deploy it. You have two different virtual appliances, one is for managing up to 25 sensors and the bigger one is up to 300 sensors. The hardware list of the products ranges from, I think, 20 sensors and up to 500. Depending on your needs, you can scale it.

We have three administrators working on the solution and the whole organization is being protected by it.

How are customer service and technical support?

Cisco support is really great. Especially when you have a priority case, when everything is down, you can get an engineer in 15 minutes.

How was the initial setup?

The setup is easy, you do not need hardware. You can just sign up for AWS or Azure and you can deploy it there.

What's my experience with pricing, setup cost, and licensing?

There are licensing fees depending on the features that you are using.

Which other solutions did I evaluate?

I have evaluated Palo Alto in the past.

What other advice do I have?

Before this version of the solution, it was like a normal IPS. The source for IPS was bought by Cisco, and now it is integrated into the Firepower Threat Defense. The Firepower Defense is a unified image of both the previous firewall which Cisco had, the ASA, and the source for IPS. Currently, the FTD is like a UTM device, a unified threat management device, because it has firewall capabilities and IPS capabilities.

I am going to continue using this solution even though I enjoyed using their main competitors product from Palo Alto. I would recommend this solution to others.

I rate Cisco NGIPS a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AMITKUSHWAHA - PeerSpot reviewer
Optical Fiber Splicer at Tachyon Broadband
Real User
Top 20
Reliable and easy to set up with good security features
Pros and Cons
  • "The product is scalable."
  • "There could be more modifications."

What is our primary use case?

We primarily use the solution for security purposes. 

What is most valuable?

Some security features are used for side blocking and antivirus and application control and bandwidth control. These are important for us.

The initial setup is straightforward. 

It's a reliable tool.

The product is scalable. 

What needs improvement?

There could be more modifications. Some features are enabled, however, compared to Fortinet, some features are not easy. 

Sometimes the dashboard does not open properly. When we add more options, SD-WAN features, and user control features, the opening is very slow. It does not sync properly.

For how long have I used the solution?

We've used the solution for one or two years. 

What do I think about the stability of the solution?

The solution is stable and quite reliable. There are no bugs or glitches and it doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution is scalable. There is no hardware. There are many clients and we have not had any complaints so far in regard to the product.

How are customer service and support?

Technical support is good, however, they do not respond quickly. They respond late. When we log the case, there's no priority with service. You can't get a response, for example, within an hour or two unless you have priority. Cisco, in contrast, divides its services into P1, P2, or P3. That way, if something is recognized as a P1, they get help much faster. 

Which solution did I use previously and why did I switch?

I also work with Cisco. I'm also aware of Palo Alto as an option. 

How was the initial setup?

The initial setup is straightforward and not complex. It's easy compared to Palo Alto and a few others.

Our deployment of Fortinet FortiGate took two years.

What about the implementation team?

We are resellers. We are able to handle the setup and deployment.

What other advice do I have?

We are resellers. 

The Fortinet 201 and 900 series are very good.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
June 2022
Get our free report covering Fortinet, Check Point, Zscaler, and other competitors of Palo Alto Networks URL Filtering with PAN-DB. Updated: June 2022.
610,812 professionals have used our research since 2012.