Cisco Firepower NGFW Pros and Cons

Cisco Firepower NGFW Pros

JoshuaThums
Network Administration Lead at Forest County Potawatomi Community
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.
View full review »
EduardoViero
IT Infrastructure Specialist at RANDON S.A
The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites
View full review »
Dave Cooper
Network Engineer at CoVantage Credit Union
Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.
View full review »
Find out what your peers are saying about Cisco, Fortinet, pfSense and others in Firewalls. Updated: November 2019.
378,327 professionals have used our research since 2012.
Paul Chauchis
Security Architect at a comms service provider with 10,001+ employees
The IPS, as well as the malware features, are the two things that we use the most and they're very valuable.
View full review »
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.
View full review »
Girish Vyas
Architect - Cloud Serviced at a comms service provider with 11-50 employees
They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.
View full review »
sentwrkpres56
Senior Network Support & Presales Engineer at a tech services company with 51-200 employees
I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.
View full review »
Seniodascie9887
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
The architecture of FTD is great because it has an in-depth coverage and because it uses the AVC, (Application, Visibility, and Control) and also rate limits. Also, the architecture of fast paths is great.
View full review »
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
The most valuable features are the IPsec VPN and web filtering.
View full review »
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
Stability is perfect. I haven't had any problems.
View full review »

Cisco Firepower NGFW Cons

JoshuaThums
Network Administration Lead at Forest County Potawatomi Community
The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.
View full review »
EduardoViero
IT Infrastructure Specialist at RANDON S.A
The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.
View full review »
Dave Cooper
Network Engineer at CoVantage Credit Union
In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.
View full review »
Find out what your peers are saying about Cisco, Fortinet, pfSense and others in Firewalls. Updated: November 2019.
378,327 professionals have used our research since 2012.
Paul Chauchis
Security Architect at a comms service provider with 10,001+ employees
For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.
View full review »
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
One feature lacking is superior anti-virus protection, which must be added.
View full review »
Girish Vyas
Architect - Cloud Serviced at a comms service provider with 11-50 employees
I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.
View full review »
sentwrkpres56
Senior Network Support & Presales Engineer at a tech services company with 51-200 employees
Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.
View full review »
Seniodascie9887
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
The license system is also good but it's not very impressive. It's a very regular licensing system. They call it a smart license which means that your device will connect to the internet. This is a little bit of a headache for some customers. It doesn't make the customer happy because most of the customers prefer not to connect their firewall or system to the internet.
View full review »
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.
I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it.
The use of it has really bogged down our response time for certain problems, given we have to go through AT&T for everything.
View full review »
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
I would like for them to develop better integration with other security platforms.
View full review »
Find out what your peers are saying about Cisco, Fortinet, pfSense and others in Firewalls. Updated: November 2019.
378,327 professionals have used our research since 2012.
Sign Up with Email