What is our primary use case?
We performed an in-house evaluation of Cisco ASA NGFW for use as an Internet Gateway Firewall and internal East-West traffic firewall between security zones. We are historically a Cisco shop and were planning on it being the top contender for our NGFW solution.
How has it helped my organization?
Cisco ASA NGFW running in "Firepower" mode (aka the actual NGFW mode) was not "fully baked", so it didn't meet all our requirements to fit our network architecture. It requires a completely different language than ASA and we found it to be difficult compared to other top firewall vendor offerings.
What is most valuable?
Integration with all the other Cisco tools is valuable. However, we've moved away from all Cisco security tools since this evaluation. Firewall choice was key to what direction we went and we found not only was the competing firewall solution superior, but their endpoint protection solution was as well.
What needs improvement?
The first thing that needs to be done is to finish building out Cisco ASA "Firepower Mode" in order for all features to work correctly in complex enterprise networks. It also needs a usable GUI like Palo Alto and FortiGate. There are lots of bug fixes to be done, and Cisco should consider performing a complete rebuild of the underlying code from the ground up.
For how long have I used the solution?
What do I think about the stability of the solution?
With regards to stability, we had a critical bug come out during our evaluation.
What do I think about the scalability of the solution?
It should be well scalable. However, we didn't see a good centralized management/monitoring system like the one that Palo Alto has.
How are customer service and technical support?
Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.
Which solution did I use previously and why did I switch?
We used Fortinet FortiGate, but as an early gen "NGFW" it was outdated. We have issues we don't believe would be resolved with their latest offering, so we didn't even evaluate it.
How was the initial setup?
We found the initial setup much more difficult, even for simple things like setting up VPN tunnels.
What about the implementation team?
Our in-house team tested and evaluated the solution.
What's my experience with pricing, setup cost, and licensing?
Watch out for hidden licensing and incredibly high annual maintenance costs. We bought much beefier Palo Altos for a less expensive one-time and annual cost.
Which other solutions did I evaluate?
Palo Alto Networks NGFW Firewall was compared in-house using the same configuration and testing, and it won hands-down.
What other advice do I have?
Watch out for the marketing hype vs objective reality. Do the advertised features actually work correctly/effectively?
We chose a different solution after performing in-house testing.