Cisco Defense Orchestrator Pros and Cons

Cisco Defense Orchestrator Pros

Todd Ellis
CTO at Secure Networkers
There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people.
When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules.
View full review »
Dave Klunk
Network Security Engineer at a manufacturing company with 10,001+ employees
If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.
We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.
View full review »
Architect1152942
Systems Architect at a university with 1,001-5,000 employees
The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets.
For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product.
View full review »
Find out what your peers are saying about Cisco, Tufin, FireMon and others in Firewall Security Management. Updated: December 2019.
382,892 professionals have used our research since 2012.
Richard Barton
Network and Data Centre Platform Manager at a manufacturing company with 1,001-5,000 employees
The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us.
View full review »
Hamed Khakipour
Sr. Network Engineer at Vocera
I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA.
View full review »
Jairo Mendes
Network and Security Specialist at Connected Technology, LLC
We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.
View full review »
AndreasForby
Systems Engineer at a tech services company with 11-50 employees
The most valuable feature is that you can push one policy or one rule out to several devices at a time.
View full review »
NetworkEa55f
Network Engineer at a healthcare company with 10,001+ employees
The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.
The ability to see the uptimes on the different VPNs that we have configured for site-to-site.
View full review »
Mohamed Nabih
I.T. Manager at Egypt Foods group
This product provides excellent centralized device controls and reporting.
View full review »
Isiac Sullivan
Network Administrator at Texas Hydraulics
The bulk changes feature is definitely the most valuable.
View full review »

Cisco Defense Orchestrator Cons

Todd Ellis
CTO at Secure Networkers
We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue.
View full review »
Dave Klunk
Network Security Engineer at a manufacturing company with 10,001+ employees
I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.
View full review »
Architect1152942
Systems Architect at a university with 1,001-5,000 employees
I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.
View full review »
Find out what your peers are saying about Cisco, Tufin, FireMon and others in Firewall Security Management. Updated: December 2019.
382,892 professionals have used our research since 2012.
Richard Barton
Network and Data Centre Platform Manager at a manufacturing company with 1,001-5,000 employees
There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.
View full review »
Hamed Khakipour
Sr. Network Engineer at Vocera
The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.
View full review »
Jairo Mendes
Network and Security Specialist at Connected Technology, LLC
CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.
View full review »
AndreasForby
Systems Engineer at a tech services company with 11-50 employees
If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO.
View full review »
NetworkEa55f
Network Engineer at a healthcare company with 10,001+ employees
When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.
View full review »
Mohamed Nabih
I.T. Manager at Egypt Foods group
It would be a better product if it incorporated device control for third-party products easily.
View full review »
Isiac Sullivan
Network Administrator at Texas Hydraulics
It should have more features to manage FirePOWER appliances.
View full review »
Find out what your peers are saying about Cisco, Tufin, FireMon and others in Firewall Security Management. Updated: December 2019.
382,892 professionals have used our research since 2012.
Sign Up with Email