Cisco offers the Firepower 2100 Series NGFW, designed to allow businesses to gain resiliency through superior security with sustained performance. The Firepower 2100 Series has a dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously, to achieve security doesn’t come at the expense of network performance.
N/A
CrowdSec
Score 7.9 out of 10
N/A
CrowdSec is a CTI tool leveraging crowdsourced data to identify and block malevolent IPs in real time worldwide. It is an open-source & collaborative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks. It also enables users to protect each other. Each time an IP is blocked, all community members are informed so they can also block it. That way, they are generating a real-time crowdsourced CTI database.
N/A
Pricing
Cisco Firepower 2100 Series
CrowdSec
Editions & Modules
Firepower 2100
3,000-20,000
per appliance
No answers on this topic
Offerings
Pricing Offerings
Cisco Firepower 2100 Series
CrowdSec
Free Trial
No
No
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Cisco Firepower 2100 Series
CrowdSec
Features
Cisco Firepower 2100 Series
CrowdSec
Firewall
Comparison of Firewall features of Product A and Product B
Cisco Firepower 2100 Series
8.5
2 Ratings
2% below category average
CrowdSec
8.2
1 Ratings
5% below category average
Identification Technologies
9.02 Ratings
8.01 Ratings
Visualization Tools
6.01 Ratings
8.01 Ratings
Content Inspection
9.02 Ratings
8.01 Ratings
Policy-based Controls
9.02 Ratings
00 Ratings
Active Directory and LDAP
9.02 Ratings
00 Ratings
Firewall Management Console
8.02 Ratings
00 Ratings
Reporting and Logging
9.02 Ratings
8.01 Ratings
VPN
10.02 Ratings
00 Ratings
High Availability
10.02 Ratings
00 Ratings
Stateful Inspection
10.02 Ratings
8.01 Ratings
Proxy Server
5.02 Ratings
9.01 Ratings
Best Alternatives
Cisco Firepower 2100 Series
CrowdSec
Small Businesses
pfSense
Score 8.8 out of 10
pfSense
Score 8.8 out of 10
Medium-sized Companies
Quantum Firewalls and Security Gateways
Score 9.3 out of 10
Quantum Firewalls and Security Gateways
Score 9.3 out of 10
Enterprises
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Score 9.2 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
The Cisco [Firepower] 2100 [Series] is an easy sell for anyone looking. You already know Cisco excels in the security department, but now that firepower lives right on the box and inline with the rest of the firewall data flow you can save yourself a lot of time and headaches. Unless you cant quite afford Cisco's 2100 line, there's not much reason to go with the competition.
Since I've only used CrowdSec in a homelab/small-medium sized business setup, that's really the only market I can safely recommend it and say it's well suited for, because I don't know how much it would cost to run it in an enterprise environment. I've heard some pricing and how they plan on rolling out a subscription model, but it's still in talks. Either way, if you have publicly exposed web applications hosted locally or on a virtual private server, then CrowdSec should be part of every virtual machine and/or network. Even with the lmited number of filter you get out of the free subscription, it provides a nice layer of constantly updated data,
Provides great integrations with tools you already use, such as fail2ban, Cloudflare, WordPress, NGINX, Linux Firewalls, etc.
Lightweight agents can run on individual servers and report to a main security engine so that if there's an attack on one server and a block is implemented, the entire network can be protected
There are a lot of ways to receive alerts and store logs
CrowdSec Central API is a nice way to manage everything externally
Career-wise very familiar with the ASAs, you know, the previous gen firewalls, Pyxis, ASAs, the CHA. As far as being intuitive, those seem to be far more intuitive to learn and figure out what the features and changes and config management, all that stuff is. With Firepower, it's a learning curve and I feel like I have quite a bit of experience with it, and so does my team, but feels like it's not as intuitive, and trying to make changes just always seems harder for some reason. We've gone to some Cisco security training and all that, but even then it's just harder to work with. The other big thing is, and this is a big gripe of mine, I suppose, that on any other firewall, when we have various different manufacturers, if you make a change, you know, a simple change object, object name gets changed or object is deleted or whatever the simplest of change is, it gets implemented instantly.
With the Firepower system, you have to deploy the change and it'll take about six or seven minutes for the change to actually take, which is insanely different than any other platform where that change is instantaneous. So let's say if I'm making seven different changes for a troubleshooting job I don't know which one of the seven is gonna fix it, I do one by one by one. I'm like, oh, let me try one change, one second, change, third change, four changes. It's going to take seven deploys. And seven deploys mean it's gonna take an hour of just deploy time. So that is a big, big gripe
Getting CrowdSec to run on OPNsense can be a challenge, but that's also a limitation of the OS
You can only subscribe to a couple of feeds before paying an unknown amount of money that's part of their "Enterprise" package. So, there could be better transparency.
There are three main problems with this platform: - short EoL time - it is really missery because this platform was overrated from cisco sales and after shor time they accepted on EoL - sometimes problems with upgrades paths, because of strange behaviour between FXOS and ASA image on the top of it - not good performance when comparing to newer 1k platform
In the days of purchase of Cisco Firepower 2100 series it was new platform and Cisco aimed their sailsmains to force selling this platfrom. It was one of the first platform with FXOS with full support of ASA images. It was cheper then 4k series and would be better than ASA 5500-x series (but regarding all problems with upgrades and EoL , it is not).
