Cisco's Catalyst is one of that company's brands of network switches.
Cisco Secure Firewall
Score 8.0 out of 10
Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
Our access infrastructure. If you want to bring many devices into your infrastructure and you don't want to bring the devices direct on the core routers, something like that. Or to the routers, the Catalyst switches are perfectly suited for that or for top of direct switches.
Well suited for any edge kind of protection, which is obviously, again, what firewalls are really used for. Less suited if you need more detailed protection, more granular, shall I say it's a better word, more granular protection. The ability to filter not just on IPs and ports, but a much deeper look at the packets and do that.
I think particularly for the 2960-Xs, these are quite sturdy. I believe they don't get, even if there's a power outage out at Cole's, we usually do some electricity work just to do the electricity redundancy. We just power off the, let's say, the transformers and then see if the mains can handle the power supply. So these 2960, these switches are quite sturdy, I believe, and they don't die on us, but I've seen with the 9200s and the other switches, they don't come back usually when there's a power outage or something like that. So we have to replace the power supply units and all those things to get them working again.
It's been a big change for us because like I said, we've been using it about a year, I think. And we went from ASAs to this, so it was a big changeover from being able to do everything in CLI. Honestly, it's a bit clunky and more time consuming to have to configure things through the GUI, which has been a pain point for us. But we've tried to automate as much as we can. What it does well is the analysis. The event, not event viewer, but unified event, that's what it is. Handy tool. Also the tunnel troubleshooting, the site-to-site tunnel monitoring or troubleshooting, I can't remember what it's called. It's pretty good too. It's nice how it has some predefined commands in there. I'd say those are probably the things we like about it the most.
I wouldn't fault the product per se. I think it's just more its integration with the SSD access network that there could be room for improvement. I think the 9300 has been a solid device by itself, and I can't think of anything that I could fault on the device itself. It's probably been doing a very good job and we are happy with it.
I have one argument, failover scenario. It's not quite easy. Failover scenario of firewalls. It's sometimes not quite easy to know the issue. But if we open a tech case, a technical case to Cisco, Cisco will help us, it's a little bit con, but we are happy with this product.
They are consistently reliable and this switch in particular is a very affordable solution. We can place the Cisco Catalyst 1000 Series Switches gear in areas that we normally would not place a switch because it is affordable enough to make it justifiable. And because it is a reliable solution, we are confident it will continue to provide service over the long haul.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Cisco by and far does a great job with the Catalyst line. From a layer 2 dumb switch all the way up to ISP carrier grade switching within the Catalyst portfolio. The best part about it is command parity among the various tiers of product. The only differences are going to lie in what features are available per switch.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use.
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top.
No, the packets flow. Sometimes you will see collisions and broadcast storms can happen which will slow performance but that can be fixed and the packets will flow.
We rarely have issues with the product. I have only had to contact support one time since we put it in and that was to see if another vendor was giving me accurate information on an issue I was having.
Cisco support is not at all suitable for this product, at least. It takes a long time for them to help us with our server issues. A lot of the time, the customer support person keeps on redirecting calls to another person. They need to be well versed with the terminologies of the product they are supporting us with. Support needs a lot of improvement. Cisco Fire Linux OS, the operating system behind Cisco Firepower NGFW (formerly Sourcefire), also doesn't receive regular patches. In short, average customer service.
Cisco Networking Academy partners with many local Colleges and High Schools to provide great hands-on training. You do need to drive to learn the topic. The in-class sessions only go so far. You really need to apply this to the real world. Cisco makes it easy for business to connect via CLC or Cisco Learning Credits.
Was a good training, but questions were answered not so well. Training was "Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF)".
The implementation of the Cisco Catalyst 1000 Series Switches is fairly seamless, especially if you are familiar with Cisco products. We have had Brocade switch gear in place too, and the differences between the manufacturers [are] not a major issue.
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a matter of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster than it was but there's still room for improvement.
I use some Aruba switches as well and some Huawei products as well. That's the reference, honestly, that's really all the products that are quite good are mostly copying what Cisco does. And when it does not copy, it's not as good. The only other competitor that does the same kind of project, but differently in a good way is Juniper. For me it works quite as well, but that's the only vendor that I would say is really different from Cisco and in a good way. I mean both are good but not the same way.
I think the Cisco product is probably pretty much equal now. I would love to say that Cisco is way more advanced or whatever, but Palo Alto, they just focus solely really on firewalls. And before Cisco came out with the FTD, the ASAs would only do layer four. So that's one of the reasons why that we purchased the Palo Alto is because they would do layer seven. And when we went to the FTDs, since they do layer seven as well, we just wanted to have different layers of security with our firewalls. So we just put the Palo Altos behind the Ciscos in case that there was anything that the Ciscos didn't catch, the Palo Altos would.
We are exclusive Cisco at our organization. In truth part of the reason is, with one type of switch and one manufacturer, it is easier to support. It is also easier to give consistent training to our staff in our tech department.
Some patching for zero-day exploits has resulted in bugs causing downtime, meaning the decision between vuln patching or risk of downtime needs to be discussed.
Peace of mind that the device will receive continued upgrades and with a quick turnaround.
Ability to use TAC for issues.
Ease of hiring candidates with experience in product line.