Cisco Firepower NGFW Firewall Review

Stable and scalable with very responsive technical support

What is our primary use case?

The way we've installed Firepower was for the migration process. For example, there was a data center consolidation, and therefore we had to move everything. We offer data center products to our customers across VPN funnels. We had to move away from older ASAs, so it's a lift and shift. We move older ASAs, which were dispersed in many sites, and we consolidated a couple of services in a single site. Firepower was left there in place. I came in and I took over the administration duties, and now I'm trying to put everything together in a way that it makes sense.

With Firepower, they have better hardware. It's fitted for more throughput, more load. I'm trying to centralize service delivery on this high-availability pair and move all the remote access to Firepower. Then, it's all part of a transition process from a hybrid cloud to a full cloud deployment on a cloud provider. It's mostly just a necessary pain, until we move away from our on-prem deployments. Currently, I'm working with Azure, etc. and I try to look at the main design of the whole process, even though it's going to take two years. 

COVID has also made everything very, very slow for us as we try to move away from our initial plan.

What is most valuable?

The 2100 models are extremely useful for us.

It's got the capabilities of amassing a lot of throughput with remote access and VPNs. 

What needs improvement?

They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me.

For how long have I used the solution?

We've been using the solution for about a year.

What do I think about the stability of the solution?

The solution is pretty solid in terms of stability, however, I prefer Palo Alto. For the enterprise world, it's better to have Palo Alto. For the service provider field, Firepower is quite well suited, I'd say. That said, Palo Alto, is definitely the enterprise way to go. For a smaller deployment, you can also go with FortiGate. It's simple, however, it works for smaller offices.

What do I think about the scalability of the solution?

The scalability of the product is pretty good. If you need to expand it, you can do so with relative ease.

How are customer service and technical support?

The technical support is amazing. They do reply quickly, and often within an hour. It's been great. I've worked at Cisco before, however, with the type of contract we are in, I find it super fast right now. We're quite satisfied with the level of support.

What's my experience with pricing, setup cost, and licensing?

I don't have any knowledge as to what the product costs. It's not part of the business I deal with.

Palo Alto, it's my understanding, is a little more expensive, however, it depends on the users and on the design. It always depends on the contract

What other advice do I have?

We're just customers. We don't have a business relationship with Cisco.

It's a solid, reliable product, however, if it's right for a company depends on the use case and the size of the organization. For a startup, this might not be a suitable option.

Overall, I'd rate this solution nine out of ten. As a comparison, if I was rating Palo Alto, I would give it a ten out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Cisco Firepower NGFW Firewall reviews from users
...who work at a Comms Service Provider
...who compared it with Fortinet FortiGate
Learn what your peers think about Cisco Firepower NGFW Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,431 professionals have used our research since 2012.
Add a Comment
ITCS user