Cisco Firepower NGFW Review
The most valuable features are the IPsec VPN and web filtering. It seems very clunky and slow.


What is our primary use case?

Our primary use case is as a firewall and using it for web filtering. We use IPsec VPN services on it, as well as the router.

I have been using the product for only a few months, but the company has been using it for a couple of years.

How has it helped my organization?

The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything. I don't think really highly of it, though.

What is most valuable?

The IPsec VPN and web filtering.

What needs improvement?

I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it. 

It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It has generally been okay in terms of stability. We haven't had it go down, but we do have some interruptions. I don't know if it is the ISP or the firewall. We have more frequent network disruptions, and other branches call in telling us that they are unable to use their services to do their job. Unfortunately, we can't really do anything about it. It just clears up in about five or six minutes. In terms of stability, I would give it a seven and a half out of 10.

What do I think about the scalability of the solution?

I don't see it being very scalable. I don't have access to the actual interface on it. However, it is an older product, so it probably doesn't have high availability features. So, it's scalability is probably limited. I know that we kind of put it through the ringer with our fewer than a hundred connections into it.

How is customer service and technical support?

AT&T handles our technical support, since it's leased through them.

How was the initial setup?

I was not involved with the initial setup.

What's my experience with pricing, setup cost, and licensing?

We pay a lot of money for it.

For big organizations who are used to throwing around a lot of money for absolutely surety, this would probably be a good fit for them. For the average SME, this particular firewall system, as well as Cisco in general, this product would not be a good fit for them.

Which other solutions did I evaluate?

We are currently looking at WatchGuard, pfSense, and Fortinet FortiGate. Netgate would provide the hardware.

We have still got nine months left on our contract with AT&T before we can actually do anything. We are just trying to do as much research and ask as many questions as we can before we get to that point.

What other advice do I have?

We just don't have a lot of the control or customizability that we would like to have over the system. A lot of this has to do with how AT&T is handling the access to it. Also, the hardware is outdated. We would like to go with a product in which everything is very transparent, clear, organized, all in the same place, and we can monitor clearly. The reason that we are looking to change is price: We pay a lot for it. If we had more control over it, we would be better able to control the quality and performance of the network and services, as well as the budget.

The most important criteria when selecting a vendor:

  • IPsec VPN
  • Good stable connection
  • Failover support: We need to have dual-WAN, so we can get two WAN connections in there and have failover. 
  • Load balancing would be good, especially for those rough patches. 
  • Internal web filtering and blocking: We need to be able to control what our end users are looking at.
  • Monitoring: As much monitoring as we can get.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment

Guest
Why do you like it?

Sign Up with Email