Cisco Firepower NGFW Firewall Review

Meets my requirements regarding VPN, perimeter protection, and applications


What is our primary use case?

I protect my two servers with the help of Firepower. Both servers are connected to the Firepower and I monitor the traffic to both servers with it. I block traffic from all countries except the USA, for security purposes.

How has it helped my organization?

It meets my requirements regarding VPN, perimeter protection, and applications. I'm comfortable with what Firepower does for me. Firepower is the only security product deployed in my organization.

The Talos team is very expert and does a good job. It is a great achievement by Cisco for Firepower. It analyzes all the websites and viruses that could create vulnerabilities. Talos helps us by providing major protection. They maintain everything and we don't need any other security appliances. In the future, we may go for an email security appliance, but right now Firepower is enough for us. Without the Talos team, the Firepower might not fulfill our requirements.

For example, if I receive an email and it has a potentially malicious link, I can enter the link in the Talos website and it will provide me with all the details about the website link in the email, including which country and IP it is from. I always try to cross-check any potentially malicious links with Talos. It tells me whether I am vulnerable or not.

What is most valuable?

One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.

It also handles application vulnerabilities. I have blocked some applications in my Firepower. In addition, there are predefined policies that come with the Firepower and I have created my own policies as well.

We also use Cisco switches, the 2920 for Layer 2 and the 3560 for Layer 3. The Firepower is integrated with the 3560. I have configured a gateway on the 3560 and all our traffic goes through the switch and is then passed on to the Firepower. The integration between the two was very easy.

What needs improvement?

One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box.

For how long have I used the solution?

I have been using Cisco Firepower for two years.

What do I think about the stability of the solution?

It's a very mature product and runs smoothly.

Which solution did I use previously and why did I switch?

Before the Firepower I was using a traditional firewall, the ASA 5510. We went to the Firepower because the 5510 did not have port security, anti-malware protection, or IDS/IPS.

I have seen a lot of events using the Firepower: vulnerability events, countries, and IPs. As a result, I feel I am secure when compared with other firewalls. With my previous firewall, I didn't have the option of blocking a country, website, or IP.

What other advice do I have?

I would advise using Firepower and not other products because other products do not have all the features available in Firepower.

We are looking to integrate with Cisco Umbrella next year and we will integrate our switches and Cisco Firepower with it.

It has been a good investment for my organization and I'm happy to be using it. All its features are good. It's a great firewall for a small business. But you really need to know what you are doing to get the most benefit from it. Overall, I don't think anybody can replace Firepower or Cisco.

Disclosure: I am a real user, and this review is based on my own experience and opinions.