We just raised a $30M Series A: Read our story
RP
System Administrator at a non-profit with 1-10 employees
Real User
User-friendly UI, blocking by category, has plenty of features

Pros and Cons

  • "You do not have to do everything through a command line which makes it a lot easier to apply rules."
  • "The solution could offer better control that would allow the ability to restrictions certain features from a website."

What is our primary use case?

We use the solution to monitor the connections as part of our parameter protection for our network. We restrict what kind of traffic comes in and out, we use it basically for traffic management.

What is most valuable?

Cisco used to be all command-line operations and now Firepower is in a way modelled from FortiGate. Firepower has integrated a UI into it now.

You do not have to do everything through a command line which makes it a lot easier to apply rules.

You are able to see the traffic of what sites users are visiting.

There are warnings if you are about to go to sites that could be malicious.

It also allows you to block within categories, such as, by URL.

The solution always had these capabilities, but it did not have a user interface that was user-friendly.

What needs improvement?

The solution could offer better control that would allow the ability to restrictions certain features from a website. For example, If we want to allow YouTube but not allow uploads or we want to allow Facebook but not allow the chat or to playing of videos. This ability to customize restrictions would be great.

For how long have I used the solution?

We have been using the solution for three months now. We have always used Cisco but before we were using the ASA and now we use the new version with the threat defence.

What do I think about the stability of the solution?

The stability is good so far.  My opinion could change in another couple of months once we get more deeply involved with the solution.

What do I think about the scalability of the solution?

We currently are protection approximately 220 users.

How are customer service and technical support?

We just deployed it a couple of months ago, we have not used the tech support with the Firepower yet. We have not had an issue that we have had to raise with them. 

Generally, the tech support for Cisco takes too long to go through the different tiers of support agents to get to someone that can resolve the issue. You end up speaking to someone that is not qualified to solve the issue, then you have to be escalated upwards over and over. This system could be better.

I rate the tech support service generally from Cisco a seven out of ten.

How was the initial setup?

The installation is not hard and not easy either, it falls in between.

What about the implementation team?

The time of implementation took us two to three days. This was in part because we were migrating from another Cisco firewall. The config files were already there, we just had to bring them over. While having the config files we just had to set up the hardware to have us up and running. The install could have taken longer if this was not the case.

What other advice do I have?

Currently, I would give this solution high marks because I have not had a problem. However, keeping in mind, my evaluation period has been short. I would not give the solution a ten, nothing is perfect.

I rate Cisco Firepower NGFW Firewall a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Syed Khalid Ali
Senior Solution Architect at a tech services company with 51-200 employees
Real User
Top 5
pxGrid enables all devices on the network to communicate

Pros and Cons

  • "The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
  • "The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."

What is our primary use case?

I use Firepower for all kind of customers; healthcare, government, banks etc. All all of them have different use cases and requirements. In most cases, I would mostly end up with enterprises or government organizations. If you are already have all Cisco gears, I would suggest to consider it as it will allow you to have a more integrated approach toward other network components.                                                                                      

How has it helped my organization?

I will definitely recommend it to any customer. But, it all depends on the requirements and money you have. But the Intrusion Prevention and anti-malware is really good with this solution. Overall, it is a really good product.

I remember a customer who was using another firewall product and they had serious issues in intrusion and malware detection and prevention. Plus, the reporting was not that detailed. I did a demo with these people with FTDv and FMCv and they were amazed with the solution.

What is most valuable?

The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF.  This allows all devices on the network to communicate. I find it to be a more proactive approach as all devices collaborate with ISE in real time. I did a demo for a customer and there were no second thoughts in the usability of the solution. You should give it a try to find out more about how this works.

What needs improvement?

The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution. They should include a cloud-based sandbox as part of the security subscription service. In my experience, apart from the expensive price, SMB customers are lured away by other vendor solutions because of these reasons.                      

For how long have I used the solution?

I work for a systems integrator, who is also a partner for Cisco and other security vendors. I have a reasonable hands-on with different firewall products. I have been doing it since v6.1 release. Firepower is a bit difficult and takes time to learn.

Which solution did I use previously and why did I switch?

I did use and deploy different firewall solutions for various customers. But every customer has his own pain points. For example, for one of the customers, he was purely looking for URL filtering. We went with Sangfor IAM in that case. They have a very strong focus on application and URL filtering and user behavior management. Plus, reporting was very extensive. 

What's my experience with pricing, setup cost, and licensing?

In my country, deployment may be charged from USD 1K to USD 10K depending on setup cost. There are different types of licenses:

  • Threat
  • URL
  • Anti-malware

I would suggest going with an all-in-one bundle. You will end up saving money. Also, Cisco has a better discount on a 3YR subscription plan. Discuss this with your Cisco AM.

Which other solutions did I evaluate?

Yes, this included firewalls from Huawei, Fortinet, Sangfor, and Sophos. Most of the customers end up with:

  • Fortinet,
  • Sophos
  • Sangfor
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Cisco Firepower NGFW Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Guillermo  Fernandez
Security Consultant at IKUSI
MSP
Top 20
Good integration with helpful technical support and very good administration capabilities

Pros and Cons

  • "The solution offers very easy configurations."
  • "The initial setup can be a bit complex for those unfamiliar with the solution."

What is our primary use case?

I often work with financial sector companies such as banks as well as retail organizations.

What is most valuable?

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

What needs improvement?

The initial setup can be a bit complex for those unfamiliar with the solution.

There are better solutions in terms of border security. Palo Alto, for example, seems to be a bit more advanced. 

The cost of the solution is very high. Fortinet, as an example, has good pricing, whereas Cisco has very high costs in comparison.

For how long have I used the solution?

We've used the solution recently. We've used it at least over the last 12 months or so.

What do I think about the stability of the solution?

The stability of the solution is pretty good. I don't recall having issues with this aspect of the solution.

What do I think about the scalability of the solution?

This particular product does not have high availability and therefore scalability is limited.

You need a pretty sizable solution for a center.

We have about 300 clients using this solution, and therefore the amount of people on the solution is very high, however, I don't have the exact number of users across all clients. For solutions providers, we have IT solutions for maybe around 5,000 users.

How are customer service and technical support?

I have experience working with technical support from Cisco. It's very easy to contact them and talk with them. There were times we worked using email, for example, for communication. We also worked with Cisco engineers in Mexico directly. We're very satisfied with the level of service so far.

Which solution did I use previously and why did I switch?

We also work with Fortinet and Palo Alto, for example. As a reseller, we work with many solutions.

How was the initial setup?

I did not directly implement the solution. I don't have the right type of expertise. You need to know a bit about what you are doing, otherwise, the initial setup is a bit complex.

You may need, for example, a separate management device for this kind of solution. It's quite difficult to handle if you don't have in-depth knowledge.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is quite high. It's very expensive compared to other options. For example, Fortinet is much more reasonably priced.

What other advice do I have?

I am working for a Cisco seller in Mexico, and we have a relationship with Cisco. We are a gold partner. We ensure that the development is of the proper sizing for our clients.  

I would rate the solution at a nine out of ten. We've had a very good experience so far. The only downside is that it's not as advanced as, for example, Palo Alto. That said, if you have the right skills to manipulate the configuration capabilities, Cisco is quite good.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
HP
Senior Solutions Consultant at a comms service provider with 10,001+ employees
Consultant
Top 20
Stable with a straightforward setup and good overall features

Pros and Cons

  • "The implementation is pretty straightforward."
  • "In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."

What is our primary use case?

The solution is primarily used for protecting the environment, or the cloud environments for our customers.

What is most valuable?

All the specific features you find within the NextGen firewall are quite useful. The touch intel feature is specifically useful to us. We deliberately choose this kind of product due to its set of features. 

The implementation is pretty straightforward.

What needs improvement?

The security market is a fast-changing market. The solution needs to always check if the latest threats are covered under the solution. 

It would always be helpful if the pricing was improved upon a bit.

In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.

For how long have I used the solution?

We've been using the solution for about five or more years at this point.

What do I think about the stability of the solution?

The solution is stable. It's very reliable. It doesn't crash or freeze and doesn't seem to be plagued by bugs or glitches.

What do I think about the scalability of the solution?

The solution can scale quite well. A company that needs to expand it can do so easily.

In our case, we have clients with anywhere between 1,000 and 10,000 users.

How are customer service and technical support?

We have our own in-house team that can assist our clients should they need technical support. They're quite knowledgeable and can handle any issues.

Which solution did I use previously and why did I switch?

I also have experience with Fortinet and Check Point.

How was the initial setup?

The implementation isn't complex. It's straightforward. However, it also depends on the specifications of the customer. Normally we check that out first and then we can make a judgment of how to best implement the solution.

Typically, the deployment takes about two days to complete.

In terms of maintenance, we have about five people, who are engineers, who can handle the job.

What about the implementation team?

We deliver the solution to our customers.

What's my experience with pricing, setup cost, and licensing?

You do need to pay for the software license. In general, it's a moderately expensive solution. It's not the cheapest on the market.

What other advice do I have?

We're a partner. We aren't an end-user. We are a managed security provider, and therefore we use this solution for our customers.

We always provide the latest version of the solution to our clients.

Typically, we use both cloud and on-premises deployment models.

I'd recommend the solution to others. It's quite good.

On a scale from one to ten, I would rate it at an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cassio Maciel
Network Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Great for blocking attacks, best support, and very easy to use

Pros and Cons

  • "The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
  • "Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."

What is our primary use case?

I use it to protect my DMZ from external attacks.

How has it helped my organization?

Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.

What is most valuable?

The Adversity Malware Protection (AMP) feature is the most valuable. 

It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.

What needs improvement?

Its interface is sometimes is a little bit slow, and it can be improved.

When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. 

In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.

For how long have I used the solution?

I have been using Cisco Firepower for two years.

What do I think about the scalability of the solution?

We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.

We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports. 

How are customer service and technical support?

We have used their technical support. They are amazing. Cisco's technical support is the best.

Which solution did I use previously and why did I switch?

We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.

How was the initial setup?

The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.

What about the implementation team?

We used our reseller and contractor to deploy Cisco Firepower. They were good.

What other advice do I have?

I would recommend this solution. I would rate Cisco Firepower a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gyaneshwar Upadhyay
Senior Network Engineer at BCD Travel
Real User
Top 20
User friendly and easy to use GUI, but stability and scalability need improvement

Pros and Cons

  • "If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
  • "We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."

What is our primary use case?

We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.

What is most valuable?

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

What needs improvement?

We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for approximately three years.

What do I think about the stability of the solution?

The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.

What do I think about the scalability of the solution?

There is room for improvement in the scalability of this solution.

How are customer service and technical support?

I was satisfied with the support we received.

How was the initial setup?

When I did the installation three or four years ago it was challenging. 

What's my experience with pricing, setup cost, and licensing?

This solution is expensive and other solutions, such as FortiGate, are cheaper.

Which other solutions did I evaluate?

I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.

What other advice do I have?

I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system. 

I would recommend everyone to use this solution.

I rate Cisco Firepower NGFW Firewall a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SG
Information Systems Coordinator at a insurance company with 51-200 employees
Real User
Top 5Leaderboard
Comparable pricing, stable, with good and responsive technical support

Pros and Cons

  • "There are no issues that we are aware of. It does its job silently in the background."
  • "The initial setup could be simplified, as it can be complex for new users."

What is our primary use case?

We use this solution for our firewall and intrusion prevention system.

What is most valuable?

The most valuable feature is that I have 16 public IP addresses that tunnel through into servers inside. 

There are no issues that we are aware of. It does its job silently in the background.

What needs improvement?

The initial setup could be simplified, as it can be complex for new users.

For how long have I used the solution?

We have been working with this solution for a couple of years.

What do I think about the stability of the solution?

It's stable. If there is ever a problem, it never seems to be the firewall.

What do I think about the scalability of the solution?

This particular model can't quite handle the bandwidth we need. We're actually replacing it shortly with the new higher capacity model.

How are customer service and technical support?

Technical support is good. They are responsive.

How was the initial setup?

The initial setup was somewhat complex at first.

What about the implementation team?

We had help from an integrator, which was Dell. They were helpful.

What's my experience with pricing, setup cost, and licensing?

The price is comparable.

What other advice do I have?

We are just at the beginning of the deployment of Arctic Wolf for managed detection and response. We don't have a lot of information yet, as we are onboarding it now.

We wanted to have someone watching and we couldn't set up the SOC by ourselves because we need six security dedicated people to man it at all times. With a staff of 80, it was too much. We engaged Arctic Wolf to be our 24/7 eyes on the potential risks that are happening. They can alert us and we can deal with it.

We like to use the integrator just to make sure that the firewall is set up correctly. If you don't have people dedicated to the firewall, then you can't do it in-house.

I would rate the Cisco firepower NGFW Firewall a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NJ
Administrator at a university with 1,001-5,000 employees
Real User
Top 5Leaderboard
A firewall solution with a straightforward setup and a useful incidence response feature

Pros and Cons

  • "I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
  • "Cisco Firepower NGFW Firewall can be more secure."

What is our primary use case?

Cisco Firepower NGFW Firewall has a lot of environment to use for your network to see what kind of critical threats are coming or going. I use it to find out what this threat is and then formulate a strategy for it. I use it a lot on my simple network to see how it works, inspect the network traffic, and so on. 

What is most valuable?

Cisco Firepower NGFW Firewall is a really helpful product for network security. I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is useful.

What needs improvement?

Cisco Firepower NGFW Firewall can be more secure. But no product is 100% secure, so it's a case of always wanting more security. The product is also really expensive. It would help if they provided free academic access to the enterprise edition for students for a whole month, two months, three months, or a year.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for about two years.

Which solution did I use previously and why did I switch?

I used Cisco ASA Firewall, but in our specific environment and not for the whole network.

How was the initial setup?

It's easy to install Cisco Firepower NGFW Firewall. You can install it on the platform with all the images in one set form. It took me about 20 to 30 minutes to install. 

What about the implementation team?

I implemented Cisco Firepower NGFW Firewall on my own.

What's my experience with pricing, setup cost, and licensing?

For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive. But it should be affordable for enterprises and educational institutions.

What other advice do I have?

I would recommend Cisco Firepower NGFW Firewall to potential customers.

On a scale from one to ten, I would give Cisco Firepower NGFW Firewall a ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Cisco Firepower NGFW Firewall Report and get advice and tips from experienced pros sharing their opinions.