Anonymous UserPresales Network & Security Engineer at a tech services company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"There are a lot of templates that are already built-in. They give you quick-to-create and quick-to-apply policies that are typically a little more complicated for people."
"When we're looking to the policies, it identifies the shadow rules. It notifies us about anything that will supersede other rules."
"The most valuable feature is that you can push one policy or one rule out to several devices at a time."
"This product provides excellent centralized device controls and reporting."
"The ability to do operations on multiple firewalls at once is valuable because it saves time and mental effort. The solution's ability to make bulk changes makes it very convenient to manage things at once on multiple targets."
"For this product, they are very uncharacteristically interested in resolving whatever issue the customer reports. They're really attentive, and they address whatever we bring up as quickly as they can. That's been a very positive aspect of the product."
"The most valuable feature is being able to do centralized upgrades on the ASAs. We can select all of those ASAs, and say, "Upgrade these ASAs at this scheduled time." It will copy down the ASA image, ASDM image, and then do the upgrade and failovers, and then put it all back into service as required at a scheduled time. It automates that process for us."
"I like the upgrade feature. That is pretty valuable to me because I have dual ASAs and when I go through CDO it does it for me pretty well. It's all done in the back-end and I don't really have to be involved. I just initiate, pick the image, and I pick when I want it done and it just does it, whether I have a single ASA or have a dual ASA."
"The most valuable features are the Security Risks and Best Practices reporting/Rule base cleanup."
"The change workflow process is flexible and customizable... If we have a firewall completed and we want to redo it, if we need to re-engineer a particular firewall and open a different destination, we can do that by creating a break-fix... That is one of its useful tools."
"I like the fact that Tufin was able to integrate with our firewalls, which include Palo Alto and FortiGate."
"The most valuable feature is the reporting of our risk poster in our firewall."
"The most valuable feature is that it extends security entries in the firewall policies."
"This solution provides a more organized manner for us to track towards compliance for our PCI audits."
"This solution has helped us with compliance because we're able to map out certain firewall rules against compliance requirements, and we're able to write reports to show us exactly what our firewalls look like in those areas."
"This solution has helped our clients because it allows them to leverage the tools so that they can actually reduce their overall expenses for the environment."
"We had some MX devices that were blocking Windows Update from happening. We found out it was a Meraki issue, but it would have been nice if it had been flagged for us: "Hey, these updates are failing because the MX is blocking it." It wasn't a huge problem, but there was a loss of our time as well as the fact that the updates didn't get pushed out... It would have been nice if CDO had let us know that that was an issue."
"If I make a change locally to the firewall, CDO gives an alarm or an error message and says there's a change in compliance: "The firewall has this configuration but the last time it was compiled it had that configuration." That view of new changes versus the old could be better... I had to log in manually, locally on the firewall, to check which version, which configuration was actually running. I couldn't see it in CDO."
"It would be a better product if it incorporated device control for third-party products easily."
"I've found dozens of bugs over the year we've been using it. The more I use it for different things, the more problems I find... Most of the problems have to do with the user interface. A lot of thought and work has gone into the back-end component to make the product do what it's intended to do, but the way it is presented for use hasn't gotten nearly as much thought to make it smart and bug-free."
"There could be some slight improvements to navigation. In some of the navigation you've got to go back to be able to get into where you need to be once you've made a change. If I make a change, I've then got to go back to submit and send the change."
"The main thing that would useful for us would the logging and monitoring. I have to check it out, to get the beta, because I don't have access to them... I wanted CDO to be a central place so where I could do everything but right now I don't think that's possible. I really don't want to go back and forth between this and FMC. Maybe the logging portion, when I look at it, will give me some similarities."
"It should have more features to manage FirePOWER appliances."
"When logging into the device, we sort of had problems with it staying in sync. If somebody made a change onsite, it wouldn't do an automatic sync. It would have to wait, as you would have to do a manual sync up."
"I feel that the user interface is a bit dated."
"When it comes to web services, in my experience, Tomcat has always gone down; after a certain amount of load it breaks down and we have to get things restored again."
"Our project is running on Riverbed for SDN. I don't know if Tufin can integrate with Riverbed. Other than that, I have no issues with this product."
"I would like to see improved role-based access."
"I would like the ability to export information in other formats including PDF, HTML, or Excel."
"One feature that is missing is the ability to assign a step in the workflow to a specific user at a specific time, based on how the previous steps of the workflow have been handled."
"One of the areas that I've had challenges with is making complicated reports."
"We would like to see more in terms of integration with other application types within the context, such as next-generation firewalls or next-generation threat devices that are out there."
"It is about a $100 per year for an ASA 5506 firewall, and from there it keeps going up if you have a bigger box. For example, the 5516 is $200 to $300 per year."
"It's around £500 per unit for a three-year license."
"After our free trial was done we got a subscription for three years and it was under $3,000 or so. It's part of the EA we already paid for, so I don't know what it would be if it was a la carte."
"It is covered under the CIsco Enterprise License Agreement (ELA). So, it is licensed and ours."
"If you compare to what is available on the market, they are in the same range with respect to pricing."
"There is no issue with the pricing because we used a VM. That kept the cost low, as compared to an appliance."
"Our evaluation showed that Tufin's features were on par with AlgoSec, but Tufin was the better financial choice."
"Licensing is available in both perpetual and subscription models, and it appears to be good for our scalable environments."
"Our licensing fees are approximately $100,000 USD yearly."
"Our licensing fees are more than $100,000 USD per year."
"I just wrote a purchase order for it. It is a $150,000 a year."
"Our licensing costs are pretty low. We were grandfathered in, so we are at about $35,000 per year."
"While licensing varies greatly, it is about $50,000 a year."
Cisco Defense Orchestrator is a cloud based policy management solution to drive simple and consistent security policy across multiple Cisco security platforms.
Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines.
Cisco Defense Orchestrator is ranked 4th in Firewall Security Management with 13 reviews while Tufin is ranked 2nd in Firewall Security Management with 53 reviews. Cisco Defense Orchestrator is rated 8.2, while Tufin is rated 8.2. The top reviewer of Cisco Defense Orchestrator writes "Provides visibility into entire infrastructure and bulk changes save time and resources". On the other hand, the top reviewer of Tufin writes "We can process more rules on a daily basis, which is a definite time saver". Cisco Defense Orchestrator is most compared with FireMon, AlgoSec, Palo Alto Networks Panorama and Skybox Security Suite, whereas Tufin is most compared with AlgoSec, FireMon, Skybox Security Suite, Palo Alto Networks Panorama and RedSeal. See our Cisco Defense Orchestrator vs. Tufin report.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.