We performed a comparison between Cisco Defense Orchestrator and FireMon Security Manager based on real PeerSpot user reviews.
Find out what your peers are saying about AlgoSec, Tufin, Palo Alto Networks and others in Firewall Security Management."We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too."
"The most valuable feature is the Intrusion prevention."
"If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time."
"For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product."
"With Cisco Defense Orchestrator, we can manage the complete Cisco Security solution. It provides a simple and centralized way to manage all products."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"The most valuable features are Policy Optimizer and Firewall Manager for different brands of firewall."
"Vendor agnostic when it comes to integrating with other product."
"It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now."
"Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use."
"The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place."
"FireMon saves us a lot of time and it's nice because if you're adding a rule that's similar to another rule, it'll tell you so sometimes you can just edit the one and add another source or destination in there without creating a duplicate rule. It enables you to consolidate and have fewer, more meaningful rules. We're saving around 30% of our time."
"Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands."
"We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy."
"They need to work on the user interface. It needs to be improved to make it more user-friendly."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus."
"It would be a better product if it incorporated device control for third-party products easily."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"Cisco Defense Orchestrator can improve by providing more support for third-party security components."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was."
"Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."
"Some of the things that you want to do in FireMon are not exactly straightforward, like creating certain reports or controls. Some of the functions could be a little more user-friendly, such as creating certain filters."
"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."
"It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent."
"The AWS integration is still not mature for us to use. It is just not ready for our use case for AWS connectivity. Therefore, it does not provide us with a single pane of glass for our cloud environments, because we can't manage our cloud environment with the tool."
"We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement."
"FireMon could be made more user-friendly when it comes to creating filters or conducting traffic analysis."
Earn 20 points
Cisco Defense Orchestrator is ranked 14th in Firewall Security Management while FireMon Security Manager is ranked 4th in Firewall Security Management with 53 reviews. Cisco Defense Orchestrator is rated 8.2, while FireMon Security Manager is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". Cisco Defense Orchestrator is most compared with AlgoSec, Palo Alto Networks Panorama, Tufin Orchestration Suite and Azure Firewall Manager, whereas FireMon Security Manager is most compared with Tufin Orchestration Suite, AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama and ManageEngine Firewall Analyzer.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.