Cisco Firepower NGFW Firewall Review

pxGrid enables all devices on the network to communicate

What is our primary use case?

I use Firepower for all kind of customers; healthcare, government, banks etc. All all of them have different use cases and requirements. In most cases, I would mostly end up with enterprises or government organizations. If you are already have all Cisco gears, I would suggest to consider it as it will allow you to have a more integrated approach toward other network components.                                                                                      

How has it helped my organization?

I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product.

I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution.

What is most valuable?

The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF.  This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.

What needs improvement?

The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution. They should include a cloud-based sandbox as part of the security subscription service. In my experience, apart from the expensive price, SMB customers are lured away by other vendor solutions because of these reasons.                      

For how long have I used the solution?

I work for a systems integrator, who is also a partner for Cisco and other security vendors. I have a reasonable hands-on with different firewall products. I have been doing it since v6.1 release. Firepower is a bit difficult and takes time to learn.

Which solution did I use previously and why did I switch?

I did use and deploy different firewall solutions for various customers. But every customer has his own pain points. For example, for one of the customers, he was purely looking for URL filtering. We went with Sangfor IAM in that case. They have a very strong focus on application and URL filtering and user behavior management. Plus, reporting was very extensive. 

What's my experience with pricing, setup cost, and licensing?

In my country, deployment may be charged from USD 1K to USD 10K depending on setup cost. There are different types of licenses:

  • Threat
  • URL
  • Anti-malware

I would suggest going with an all-in-one bundle. You will end up saving money. Also, Cisco has a better discount on a 3YR subscription plan. Discuss this with your Cisco AM.

Which other solutions did I evaluate?

Yes, this included firewalls from Huawei, Fortinet, Sangfor, and Sophos. Most of the customers end up with:

  • Fortinet,
  • Sophos
  • Sangfor
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Cisco Firepower NGFW Firewall reviews from users
...who work at a Financial Services Firm
...who compared it with Fortinet FortiGate
Add a Comment