Most Helpful Review
Find out what your peers are saying about Cisco Defense Orchestrator vs. Palo Alto Networks Panorama and other solutions. Updated: September 2019.
372,124 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
If our server is blocked, this solution shows us why it is blocked and allows us to update the network routing.
The bulk changes feature is definitely the most valuable.
The initial setup was straightforward. We spun up the VM onsite. We generated the key that it needed to talk to the Cloud Orchestrator. After that, as I started adding devices, it was relatively quick and easy.
The ability to see the uptimes on the different VPNs that we have configured for site-to-site.
If we have a firewall go down, I can hop into CDO, pull the latest configuration off and apply it. That's really good. It helps save time.
We have quite a few Active Stone by pairs. If they fail over... I'll see that there's a change on it and I'll have a look. The only change on it is that now this one is the standby, it took over the active role. I can go into that firewall and find out what happened... and troubleshoot based on that. That's pretty cool too.
We use a lot of image upgrades. We take some 20 devices and then we update everything at once, including the policies. We apply policies for groups. For certain groups, like anti-viruses, we send out policies and apply them to every single device. It's really easy and simple.
I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA.
The solution is absolutely stable.
The interface is very easy to use. You can do most jobs from one single console.
The most valuable feature is WildFire.
What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time.
Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage.
The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well.
It's helpful that the solution allows us to control all the firewalls from one device.
It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great.
The dashboard needs to be more customizable to provide better reporting for our network.
It should have more features to manage FirePOWER appliances.
When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up.
I'd like CDO to be the one-stop-shop where we could do all the configurations easily. It would be nice, for ASA upgrades, if we could do them from a central repository and not have to reach out to Cisco. That would be a definite plus.
CDO doesn't have a report, an official report that I can check daily. It has another module called FTD, but it doesn't have that specifically for ASA. In the reporting, there are a lot of things that aren't there. There is also room for improvement in the daily monitoring.
The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities.
I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free.
There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change.
I would like more dashboard management.
The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint.
There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls.
Customer support can improve.
The dual WAN functionality is missing in this solution.
Panorama needs to work on its configuration issues.
It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A commit change should take a second, not a minute or more.
We had some challenges with the initial setup, but it was more on a learning curve basis.
Pricing and Cost Advice
It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours.
After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte.
It's around £500 per unit for a three-year license.
It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year.
You only pay for the license and there are no additional costs.
Initially, Palo Alto looks expensive, but if you dig deeper then you will find that it is very comparable, or even cheaper than other solutions.
It has freed up staff time, which is where we are seeing ROI.
With the URL filtering, we probably went down from around four hours in response time to about five minutes.
The licensing is not cheap. There are always hidden costs. You have support costs, or maybe you need to buy more optics on how the solution fits into the rest of your environment. It is possible some of the rest of your environment will need to change too.
out of 7 in Firewall Security Management
Average Words per Review
out of 7 in Firewall Security Management
Average Words per Review
Compared 56% of the time.
Compared 44% of the time.
Compared 28% of the time.
Compared 24% of the time.
Compared 20% of the time.
Also Known As
|Cisco||Palo Alto Networks|
Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.
Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.
Learn more about Cisco Defense Orchestrator
Learn more about Palo Alto Networks Panorama
|Insurance Company of British Columbia, Shawmut||University of Arkansas, JBG SMITH, Temple University, Telkom Indonesia|
No Data Available
Financial Services Firm29%
Software R&D Company14%
Software R&D Company29%
Comms Service Provider18%