Cisco Sourcefire SNORT Review

Good functionality and has the possibility to have one manager for other firewalls but stability needs to improve


What is our primary use case?

I work directly with clients, such as financial companies like banks, for example. Most of the time they want their product to be on their premises, only in their local area.

What is most valuable?

In general, the features are all great. However, if I need to take hardware for ASA because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower, you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well. 

The functionality they have deployed is also very good. They provide the possibility to have one manager for other firewalls, which is Firepower Management Center. I can manage many other firewalls from Firepower Management Center, by just logging on to the other device. That feature is also very great. 

The idea that they implement the malware protection inside the firewall is another great feature. This has the same features and functionality as they had for the IPS device. The way they deploy the AMP is also great because from there we can even go to the packet level, both to the header of the packet, as well as inside the packet, to see if there is any virus there. Right now, the firewall has the possibility to pick up inspection, not only on the header of the packet but of the packet itself. That feature is very great.

There are a lot of features that I really appreciate with Firepower, which is why I advise most of my customers to go with Firepower.

What needs improvement?

To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team is working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have.

Another issue where there's room for improvement is that sometimes I feel like the device is heavy. For example, we can use either the physical or virtual device. Most of the time if you are using the virtual device, you need to have very good RAM. If, for example, we don't have good RAM in the environment, the device will be kind of heavy. It will not run as quickly as you want. Most of the time we need a minimum of 4GB of RAM. Maybe they should add the possibility that we could use 2GB of RAM so that the device can be more lightweight.

Those are all small things, but if they can improve them it would be great. Of course, everything is dependent on the process running behind it. I don't know if they have the possibility to make these changes, but if they can, it would be great.

For how long have I used the solution?

I've been using this solution for almost two years.

How are customer service and technical support?

When I have an issue I usually go to the community. Most of the time I'll find the solution there. Right now, I don't have any open cases with Cisco, so I don't know if they're able to respond on time. For their other products like Fusion, I have an open case with their technical support team that I'm waiting for them to respond to. For Firepower, however, I don't have any issue that would lead me to open a case.

In my experience, technical support is okay. I never had the kind of issue that technical support could not resolve because I would just go to the community. The technical community is very good for me so far.

How was the initial setup?

For me, it was straightforward, maybe because I'm used to it. 

The first step is to install Linux because the product is based on Linux OS. Then, I just install the Firewall Management Center. After installing that, I install the full Firepower Firewall. From there, I would make sure that the Firewall Management Center and Firepower can ping each other, that they have connectivity. If that works, then I would add all the IPs of Firepower to the Firepower Management Center. Once that is finished, the whole installation is done, and I can try to call the Firepower Firewall directly to the grid from within Firepower Management Center.

I think the installation is okay. It is easy for me.

Deployment time varies from customer to customer. It depends on what things they want to deploy.

What other advice do I have?

I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of the expense. It is not because of the technical work that the product can do, just the cost of the device. That is the only reason the customer would not go for it directly.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.