The Cisco Firepower® 1000 Series for small to medium-size businesses and branch offices is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms designed to deliver business resiliency through superior threat defense. The vendor provides that they offers exceptional sustained performance when advanced threat functions are enabled. The 1000 Series’ throughput range addresses use cases from the small office, home office, remote branch office to the Internet edge. The…
N/A
FireMon
Score 7.8 out of 10
Enterprise companies (1,001+ employees)
FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk. Since creating their policy management solution in 2004, FireMon states they've helped…
I think it is well suited for smaller companies or (as in our case) extension to a central system with higher performance. My personal guess is, that it can be quite annoying with those delays in bigger environments, when 20 or more devices needed to be managed. From the point of security, support and updates it works quite good and seem to have no downsides.
FireMon is best used in a large environment (for example, I have >100 firewalls in my environment). It's best used when trying to improve security posture and showing changes in firewall security over time. It might not be the best choice for smaller environments or those that aren't concerned about security management.
My organization is all Cisco and wants to stay in the Cisco life cycle, Firepower 1000 series is great for small to medium-size office.
Very robust enterprise-grade security solution with updated threat features to handle any current and upcoming threats. The solution is backed by Cisco to ensure constant security updates. Integrated AnyConnect remote client VPN is a big plus to allow for secure remote workers access. Easier to set up a site to site VPN due to the large user base and case studies published on integrating to other manufacturer solutions.
It is quite good, robust and reliable but not always so easy to manage and configure. The tools could be improved and the price is not low for an entry level firewall
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
Firepowers are secure, reliable, central management and configuration is easy and they fit in well with our existing Cisco infrastructure. Good feature set and support. Good management and control with chassis manager and central control with additional Firepower Management Centre.
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
Great performance even on the lower end model of the series. You can push a lot of traffic through these devices without much performance impact. If you decide you want to inspect encrypted traffic however, you may take a big hit on the cpu and memory of the box, but they still manage to keep up even with all the bells and whistles turned on.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
I have had troubles with Firepower Management Center and the FTD's in the past. Sticking to a Gold Star image and upgrading when the "bugs" are fixed is great. That still doesn't mean you are left vulnerable though. The extra features are just not enabled yet. Great product and calling support is readily available for any issue.
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
Cisco Meraki MX is much more simple to configure it if you compare to Cisco Firepower 1000, but it is more limited to pur some complex configurations. The Cisco Firepower 1000 Series is typically deployed as a physical appliance, while the Meraki MX can be deployed as a physical or virtual appliance.The Firepower 1000 Series has a more complex user interface, with a steeper learning curve, but offers more customization and configuration options. The Meraki MX has a simpler, more intuitive interface,
I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
It took several attempts with Cisco engineers to configure the device; it requires a deep set of knowledge to set up in a more complicated environment.
This will allow us to move forward with a more stable and configurable environment with security available we didn't have before.
