What is our primary use case?
We have it set up to test to look at policy from an overarching perspective. Then, we are hoping to use it for policy push, such as making both changes across different firewalls, but we haven't gotten to that point yet.
We have the on-prem relay, and then that connects into the cloud for Cisco Defense Orchestrator (CDO).
We deployed the most recent version about a year ago.
We don't use it on a day-to-day basis. It's not something that we really spend a lot of time reviewing. I just haven't had time to sit down with it.
How has it helped my organization?
It hasn't really improved our organization. It has been more like a PoC which was spun up and played with for a little while, and we haven't gotten back to it.
I saw that it could simplify security policy management across our extended network and it does have the capability. We just never went to do anything with it.
We don't work with the auditing. That is another security team who hasn't been exposed to the team, as far as auditing the current firewall rules.
This has the potential to make our security teams more productive, but we have never used it for that.
What is most valuable?
The rule usage is a nice feature.
The ability to see the uptimes on the different VPNs that we have configured for site-to-site.
The overarching policy as far as the rules go and the assessment that it can do with the rule base.
The GUI on it was decently put together.
What needs improvement?
When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.
For how long have I used the solution?
We've had it set up for about a year. Though, it has probably been a few months since I have even logged into it.
What do I think about the stability of the solution?
It has been stable, as far as I can tell.
What do I think about the scalability of the solution?
We never pushed the limits. We put about 15 or 20 firewalls on it, and it seemed to take that just fine.
There are about five or six people who can log into it, look at it, and explore the capabilities of it. To my knowledge, no one is currently using it. If they do, they'll log in there to look at the rule base or for general usage. It was good for getting reports out.
How are customer service and technical support?
I used the technical support once. It was to get a username reset. The experience was okay.
We use the solution support for our ASA devices. We also have Firepower, and at the time, it only does FTEs. Therefore, everything we deploy is in an FMC manner. We never could get that in there.
How was the initial setup?
The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.
Provided that you can get the VM spun up without politics involved, it takes a couple hours to a day to set up.
What about the implementation team?
It was just myself who set it all up.
Once we got the virtual machines spun up for the onsite piece of it, we got it connected to the cloud, added a few devices, and went on from there. It was straightforward. There wasn't anything that really required much human interaction.
What was our ROI?
The biggest thing that we were looking at it for was the ability to push out a mass firewall change, if we needed it to. We just never got to a point of testing that feature and setting that up.
What's my experience with pricing, setup cost, and licensing?
It is covered under the Cisco Enterprise License Agreement (ELA). So, it is licensed and ours, but we didn't spin it up with the intent to permanently move over to it. It was just something our account team said, "You have this. Why don't you try it out?"
Which other solutions did I evaluate?
We are still using FireMon as our firewall manager right now. FireMon is definitely a little more feature-rich. It definitely could get further into the rule base of it. We didn't use FireMon to deploy anything, so it was more or less just to validate configuration, put a source and destination, and have it spit out what firewalls it would hit. We never really tried to sit down and do a comparison between the two. The UI within FireMon has probably a little more security-centric viewpoint.
I don't always spend a lot of time in either FireMon or CDO. These are for the security team who have the ability to look and see policy, and if they want to make any changes or remove anything of that nature.
We are moving away from FireMon and starting to look more at a RedSeal approach right now. Some other members of my team have looked pretty closely into it. Our security team really liked it. I think they've actually issued a PO for it.
We will probably not be increasing usage of the product because we are moving over to Palo Alto firewalls. Eventually, a lot of ASAs that we have will be phased out.
What other advice do I have?
It was just something for us to spin up and look through, then see if it was something that could benefit us from a policy perspective by pushing policy out. It might have been able to, but it was a little cumbersome to select firewalls. We just didn't go through and spend a lot of time with it.
With the security features around storing firewall configurations in the cloud, I sort of go back and forth on it. You are putting a configuration out there on the cloud for somebody to read. However, it is a private cloud that Cisco manages, so all we can really do is hold Cisco accountable if something happens. While I don't have strong feelings about this, my organization does. They don't like to have it out there.
We have not used it for spinning it up and having a look.