Cisco Firepower NGFW Room for Improvement

JoshuaThums
Network Administration Lead at Forest County Potawatomi Community
Cisco firewalls provide us with some application visibility and control, but that's one of those things that are involved in the continuous evolution of the next-generation firewalls. We have pretty good visibility into our applications. The issue that we run into is when it comes to some of the custom apps and unusual apps that we have. It doesn't give us quite the visibility that we're looking for, but we have other products then that fill that gap. There would also be a little bit of room for improvement on Cisco's automated policy application and enforcement. The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it. That's part of the reason that we don't do some of the policies, because management of it can be a little bit funky at times. There are other products that are a little cleaner when it comes to that.
Dave Cooper
Network Engineer at CoVantage Credit Union
In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth. It's definitely usable, though. You can get a lot of good information out of it. It's hard to stay on the bleeding edge on firewalls because you have to be careful with how they integrate with Firepower. If you update one you have to update the other. They definitely have some documentation that says if you're at this version you can go to this version of Firepower, but you need to be careful with that.
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
I would say when Cisco is selling something called a firewall, they put a lot of services together to make a single box solution. When a company develops a firewall, they need to develop certain features like intrusion control and offer it pre-loaded in the product. On the mix of projects that I am responsible for, I feel comfortable using the Cisco firewall for management. One feature lacking is superior anti-virus protection, which must be added. I have to say I am very proud of the Cisco Firepower 41400 as it can give you multiple layers of four-degree connectivity in operations. We do not use the Cisco 9000, but even the lower level firewalls are pretty expensive, considering the features and software included. In summary, we would like Cisco to provide more features inside regarding network trafficking forecasting. Ideally, the belief is that this would add an immediate resolution.
Find out what your peers are saying about Cisco, Fortinet, pfSense and others in Firewalls. Updated: September 2019.
372,124 professionals have used our research since 2012.
Girish Vyas
Architect - Cloud Serviced at a comms service provider with 11-50 employees
I was trying to learn how this product actually operates and one thing that I see from internal processing is that it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. They put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. Something similar can be done in Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. An internal function that is something that they can improve upon. They can also improve on cost because Cisco is normally expensive and that's the reason customers do not buy them. Also, if they could provide integration with Cisco Umbrella, that would actually improve the store next level. Integration is one thing that I would definitely want. From a technical perspective, maybe they could simplify the CLI. That is one thing that I would like to be implemented because Cisco ASA or Cisco, in general, is usually good at simple CLIs. That is one thing that I saw lacking in FTD. Maybe because they got it from another vendor. They're trying to integrate the product.
sentwrkpres56
Senior Network Support & Presales Engineer at a tech services company with 51-200 employees
There are quite a few things that can be improved. Firepower is an acquisition from another company, Cisco's trying to put it together. Their previous ASA code with the source file code that they have acquired a few years ago still has some features that are not fully supported. Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC. Most of the high-end devices do not support Onboard management. The Onboard management is only supported on the 2100 IP at the 1050 Firepower and on select ASA devices that bear the Firepower image. It would be very nice if the Onboard management integrated with all the devices. Log key loading for the evidence at the logs, because clearly you only have loading on the remote on the FMP, you cannot store the logs located on the device.
Seniodascie9887
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
I would like to see real-time log systems because it's very helpful when you want to troubleshoot.
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
I would like the ability to pick and choose different features of it to run in a packaged infrastructure or modules, therefore I would like to have more customizability over it. It seems very clunky and slow. I would like to be able to tune it to be a more efficient product.
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
I would like for them to develop better integration with other security platforms. I would also like for them to make the Cloud configuration easier.
Informa9889
Information Systems Manager with 1-10 employees
They should develop a web interface that is actually useful. Currently, we still have an issue where you have to go in and do manual configuring by the command line if you want certain functions in it. This means that we need to find people at a higher technical level to be able to do changes in those things. It would be much easier if you had a more friendly user interface basis where you don't have to go in and do the command line off. They should be a little bit faster sometimes in updating their threat protection. Cisco should redo their website so it's actually usable in a faster way.
Iz
Assistant Manager (Infrastructure) with 1-10 employees
* I would like to see more improvements made to the dashboard and UI, as well as to the reporting, the reporting is quite limited and not user friendly.
* I would like them to consider offering more predefined security templates.
* Technical support product knowledge, licensing portal, activation process will need to be improved.
* The configuration is not straightforward, Cisco will need to improve this so the user can easily pick up the product.
* Bugs are more than other firewall competitors, some bugs are quite serious.
asstmana149958
Asst.Manager IT at a manufacturing company with 501-1,000 employees
It is on multiple boxes so ISP load balancing, multiple network load balancing would be helpful. Also a web-based portal for VPN. Earlier they had it in the ASA model, but currently, they don't have it. The user needs to just click on the link so he can work.
Gerald Zauner
Data Center Architect at Fronius International
The stability and the product features have to really be worked on.
Presales489d
Presales Engineer
It's lacking one feature: VPN. That is a feature we're looking for. Otherwise, the new devices have very good support, and the performance is quite good. Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good.
Omid Najafi
Managing Director at Fasp
The performance and the level of throughput need to be improved. This would make things easier for us. I would like to see the inclusion of more advanced antivirus features in the next release of this solution. Adding internet accounting features would also be a good improvement.
Vishal Punjabi
Consultant
As it’s a GenX firewall, expertise for both implementation and troubleshooting the pain points can be a challenge. This could be a concern when companies are thinking about buying this product.
OscarCastillo
Network Engineer at IT Security
It could use more of a system interface. The security features in the URL category need more improvement.
Pablo Torrejon
Support Engineer at a tech services company with 51-200 employees
We would like to see MS Word BPM as a feature.
Yasir Al-Musawi
Network Security Specialist at a financial services firm with 501-1,000 employees
The product needs real-time logs to be able to monitor our services, so we can know if any of our services have been blocked via the firewall or on the application side.