Cisco Firepower NGFW Scalability

Lead Network Administrator at a financial services firm with 201-500 employees
The scalability is awesome. That's one of those features that this product adds. Not only does it scale so that we can add more firewalls and have more areas of deployment and get more functionality done, but we have the ability that we could replace a small-to-medium, enterprise firewall with a large enterprise firewall, with very little pain and effort. That's because that code is re-appliable across multiple FirePOWER solutions. So should a need for more bandwidth arise, we could easily replace the products and deploy the same rulesets. The protections we have in place would carry forward. We hairpin all of our internet traffic through the data centers. Our branch offices have Cisco's Meraki product and use the firewall for things that we allow outbound at that location. Most of that is member WiFi traffic which goes out through the local connections and out through those firewalls. We don't really want all of the member Facebook traffic coming through our main firewalls. I don't foresee that changing. I don't see us moving to a scenario where we're not hairpinning all of our business-relevant internet traffic through the data centers. I don't foresee us adding another data center in the near future, but that is always an option. I do foresee us increasing our bandwidth requirements and, potentially, requiring an additional device or an increase in the device size. We have FirePOWER 2100s and we might have to go to something bigger to support our bandwidth requirements.
Network Administration Lead at Forest County Potawatomi Community
Scalability is also excellent. I don't have any complaints about it. As long as you're willing to put the money forward, they are very scalable, but it's going to cost you. Their ability to future-proof our security strategy is also very good. They continuously improve on and add items, functionalities, and features to their software. User-wise, the government side of our organization doesn't have that many. There are maybe 1200 altogether. We had to upgrade our 5555s to 4110s and our 4110s are just about maxed out. We're pushing the max of the capabilities of all the equipment that we have. The 4110s average about eight gigabits a second all day long, for about 12 hours a day, through each of the devices. There are terabytes of traffic that go through those things a day. We're always increasing the usage of these devices. They are the core of our network. We use them as our core routers and all traffic goes through them. They are the integral part, the center of our network. They're everything for us. We have three people on our network team who maintain the entire network, including those devices.
IT Infrastructure Specialist at RANDON S.A
It is scalable in our scenario. It is scalable the way we deploy it. It's the same template or architecture, and that was our intention, for all our remote sites. From this point of view, the scalability is okay. But if one of those remote sites increases in demand, in the number of users or in traffic, we don't have too much space to increase the firewall itself inside that deployment. We would probably need to replace or buy a new, more robust appliance. So the scalability for the architecture is fine. It's one of the major requirements for our distributed architecture. But scalability for the appliance itself, for the platform itself, could be a problem if we grow too much in a short period of time. I don't know how to measure how extensively we use it, but it's very important because without it, we can't have VPN and we can't communicate with our headquarters. We have SAP as our ERP software and it's located in our data center here at our headquarters. If we can't communicate with the data center, we lose the ability to communicate with SAP. So if we don't have the firewall running on those remote sites, it is a major problem for us. We must have it running. Otherwise, our operations at these remote sites will be compromised. In terms of volume, 40 percent of our sites are deployed and we still have plans to deploy the other 60 percent, this year and next year. Regarding future demands, if we create new business, like we are doing now in Mexico, our basic template has this next-gen firewall as part of it. So any other new, remote sites we deploy in the future, would use the same architecture and the same next-gen firewall.
Learn what your peers think about Cisco Firepower NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
418,901 professionals have used our research since 2012.
Dave Cooper
Network Engineer at CoVantage Credit Union
We haven't hit that issue of scalability. We have increased the amount of traffic through it and it's handled it, but I think that's also a product of the ASA as well. If the ASA is going to choke, Firepower is going to choke as well. We're going to be bringing in two new firewalls, as early as the fourth quarter or first quarter of 2020, and those are going to be pure FTD appliances. We'll probably be using those a little bit more extensively. I don't think we're going to be using the SSL portion, but we'll probably have the IDS/IPS, and we'll probably have the AMP turned on. That's because with the endpoints, we're not sure if we're going to be able to install an antivirus, so we can at least watch that. We'll probably use most of the suite on it.
Security Architect
Scalability depends on the site. At some sites we have ten people while at others we have a data center with a full 10 Gig for all the group. We have had one issue. When there are a lot of small packets — for example, when our IPS is in front of a log server or the SNMP servers — sometimes we have issues, but only when we get a peak of small packets.
Al Faruq Ibna Nazim
Head of Technology at Computer Services Ltd.
I would put the Cisco Firepower NGFW firewall into Transport mode, as you can do with most firewall systems for scalability. We used to have about 60% of our users on hold during six-week events. We still have certain problems without a firewall, but these days with the Cisco Firepower, we have over 80% of the load working. As the customer integrator for enterprise contracts, we've been able to introduce Cisco Firepower to around 10 of our new customers in Bangladesh. At least 50 of the previous Cisco customers are still using the firewall solution right now under our support. These are enterprise customers who require Cisco firewall support. We used to have a specialty in that which is really like the holy grail in rocket science. It used to be like that but now with Cisco's enterprise user base, we offer operational system support to reduce complexity a lot. It's really easy. It's not like you have to be a specialist.
Girish Vyas
Architect - Cloud Serviced at NTT Global Networks
We have only one or two firewalls as a site data center firewall. From what I have studied, they are scalable. You can have eight firewalls integrated with the FTP devices. I don't think scalability would be an issue but I do not have a first-hand answer on that. There are approximately 2,500 customer base users using Cisco Firepower. It's a data center firewall, so all the sites integrate for one data center. You do not need extra staff to maintain Firepower. One field technician engineer, FTE, would be sufficient and should not be a problem. I don't think extra staff would be needed. For support, for instance, you need one person.
Henry Pan
Technical Consulting Manager at a consultancy with 10,001+ employees
The scalability is reasonable and okay. One of the clients we have has 21,000,000 nodes.
Senior Network Support & Presales Engineer at a tech services company with 51-200 employees
We have several thousand employees at the company.
Senior Data Scientist & Analytics at a tech services company with 11-50 employees
I've worked with the 2000 series, the 4000, and the 9000. The 9000 series is really impressive because it's absolutely scalable for large deployments.
IT Specialist at a consultancy with 1,001-5,000 employees
It's scalable.
Nathan Chadwick
Technology Associate at a financial services firm with 1-10 employees
I don't see it being very scalable. I don't have access to the actual interface on it. However, it is an older product, so it probably doesn't have high availability features. So, its scalability is probably limited. I know that we kind of put it through the wringer with our fewer than a hundred connections into it.
Ali Abdo
Technical Manager at a comms service provider with 1,001-5,000 employees
Scalability is great. We have around 1,500 users.
Information Systems Manager at a non-profit with 1-10 employees
We are a rather small firm so we don't have much growth leads but there is a wide range of firewalls that I can expand onto. We can also set up cluster solutions. It's rather indefinite in its expandable possibilities.
Assistant Manager (Infrastructure) at SISTIC
Asst. Manager IT at a manufacturing company with 501-1,000 employees
It has limits. If your network is going beyond it, then you'll have to replace it with a higher model.
Gerald Zauner
Data Center Architect at Fronius International
The scalability is good. We have scaled it but at a normal gross so it's not very high. We have designed it for our use case and we have the option to scale but we don't use it at the moment.
Presales Engineer
In terms of scalability, it is really expensive. It is scalable, but when it comes to pricing, the upgrading is a bit high.
Omid Najafi
Managing Director at Fasp
Scalability of this solution is ok. They have the IPS (Intrusion Prevention System), online updates, and signature updates. One customer might have, for example, two hundred and fifty users, whereas another might have one hundred users. There are different models for different numbers of end-users.
Network Engineer at IT Security
Scalability is good.