Cisco Sourcefire Firewalls Review

Good signature detection, intrusion detection, IDS, and IPS


What is our primary use case?

We primarily use the solution for internet access firewalls.

How has it helped my organization?

The solution allows you to be more agile and react faster.

What is most valuable?

The Sourcefire stuff itself is the most valuable feature. Signature detection, intrusion detection, IDS, and IPS are all very good. AMP is very useful. I like that you can put it onto devices as well. The aggregated views in FMC that you get when you're a global shop which is centralized, and then offers gateways per region. In Europe, America and APAC, you have all the data coming together in the FMC. That's quite nice.

What needs improvement?

The FMC could be a little bit faster.

It would be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.

For how long have I used the solution?

I've been using the solution for 1.5 years.

What do I think about the stability of the solution?

The stability of the solution is very good. We can see that it gets even better with every release.

What do I think about the scalability of the solution?

For us, the scalability is good, because we sized everything right, right from the beginning. If you size it right, it's very good. We don't plan on adding more firewalls, unless we suddenly grow exponentially, which we're not expecting to do at this point.

How are customer service and technical support?

We only contacted technical support during initial implementation and that was all handled by the consultant. I have a lot of other Cisco related tickets open, so we're used to the process.

I would say, however, that we're also using Meraki, and the Meraki support is way better, in my opinion. 

Cisco support tends to take longer, and I mean really long, given the fact that the subject matter is sometimes also more complicated, so it really depends. When you compare that directly to Meraki, Meraki answers the same day, and I cannot say that about the legacy Cisco support items. I can understand that the market for the legacy service is so much bigger for Cisco, so I can see why it takes longer.

How was the initial setup?

The initial setup was complex because we had to migrate old ASA firewalls. The ACLs, or rather the policies, are very different now, and way more elaborate, so that took some tweaking, and some consulting and some time.

Deployment took two months. We had to make sure that our old ACL base settings from the ASAs were correctly translated and implemented into the new FTD setups.

What about the implementation team?

We used a consultant to assist with implementation.

Which other solutions did I evaluate?

We've looked at a few options, but we have an internal policy that says, unless noted otherwise, network equipment has to be Cisco based. We had to go with a Cisco product.

What other advice do I have?

We are using the on-premises deployment model.

My advice for those considering the solution is this: if you want to migrate something, plan enough time for testing before you come over to the solution. You should also watch as many webinars as you can about that solution, or get a consultant and do a proper lab setup and go through the whole thing with them. It's definitely worthwhile, given the complexity of the whole product.

I would rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.