Cisco Secure Firewall Management Center (formerly Firepower Management Center) are a firewall policy and intrusion detection appliance management system, providing an administrative nerve center for managing critical Cisco network security solutions. It provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Easily go from managing a firewall to controlling applications to investigating and remediating…
N/A
FortiManager
Score 8.7 out of 10
N/A
FortiManager delivers unified management for consistent security across complex hybrid environments, providing protection against security threats. Key benefits include accelerated zero-touch provisioning with best-practice templates for deployment at scale of SD-WAN and streamlined workflows between the Fortinet Security Fabric and integrations with 500+ ecosystem partners.
FMC is feature-rich and user-friendly. Cisco firewalls can run on standalone mode (FDM) but fewer features are supported on FDM. FMC is a must when working with Cisco Firewall. Migration from Cisco ASA to Cisco FTD is easy. There is a tool (FMT) that converts and imports the cisco IOS configuration file to FMC. FMC runs in VM or can be purchased as a physical appliance. The downside is that FMC is not quite fast and has bugs, especially when running in the older version 5x. and 6x.
FortiManager is well suited for larger organizations which require unified configurations and IT departments that need quick turn around on firewall related tickets. I believe MSPs can also benefit with the use of the VDOM feature, if strict separation between clients is needed. FortiManager wouldn't be ideal for 1-3 site operations, unless their configurations are extremely complex or have a high number of active users.
Stability when managing firewalls, we're having issues with Firewall 01 and Firewall 02 remaining in sync
Reporting when it comes to access control policy rules - there is no way to export a report of the rules easily. Using a custom Python script on the Cisco forums is the only way to easily export a CSV.
Support for policy and route-based site-to-site VPN was not available until 6.6.0 and later. This forced us to purchase ASAs to bridge that gap.
Dashboard reporting - when clicking a link for more information, nothing displays. Currently working with Cisco on the support case, which has been escalated.
Various bugs: The software is buggy, and if you don't have a good understanding of it's underlaying operation, you can get confused or stuck when pushing a configuration. There are lots of little quirks you will have to learn, which are not described in any documentation.
Conflict resolution: Occasionally, during larger changes, bringing new devices in, pushing a config will fail due to dependencies, conflicts, or other software bugs. This is somewhat time consuming because the error messages provided aren't descriptive
CLI Options: Some configuration changes require creating scripts that execute on each device, and can't be done via the GUI
We are very satisfied with SecureX and it's adaptive, active nature in protecting or data and systems. It's easy to administer, update, review notifications and update when necessary. Cisco's security practice fits into our needs and continues to evolve as global cyber events change. SecureX is easy to migrate to new cisco gear as we upgrade to newer models when supports ends on older gear. Enabling fast ROI during these capital expenditure projects.
Overall usability is an eight for me because it is easy to manage the firewall policies and monitor the devices' health. The configurations are all done in the GUI which makes it more convenient and hassle free. You can also see the devices' health and the progress of the task thru its taskbar.
Since moving to Cisco secure management center from firepower management center we've had no application issues, outages or any other problems. It's always been there for us and always provides us the necessary protection and notification when we need it. Been very happy with all of our Cisco systems over our tenure to date.
We have the direct support of the manufacturer through its service channels, the attention is 24/7, and the response time is acceptable. The support for this tool is almost nil. It all depends on the level of implementation is carried out so that it can fail and request collaboration. Anyway, the manufacturer backs the entire Cisco Firepower Management Center (FMC series appliances) solution.
Cisco secure firewall management center is easy to install, moderate to setup in conjunction with firewall hardware, and administration of policy changes afterwards is pretty straight forward. And flexible to add more advanced security configurations as needed. Cisco support website is pretty good for researching how to documentation too. Cisco secure firewall management center enables integration to SecureX - the cloud security protection service. And AMP which protects packet flow with real time analysis. Cisco secure fmc is the evolved name for cisco firepower management center so for those customers who have firepower this is a simple migration.
We are managing multiple customers having a large number of Cisco devices that need to be managed by a single platform. For that reason, we have selected the Cisco Firewall Management Center than checkpoint firewall management. It simplifies and automates newly bought cisco firewalls at remote branch offices to manage, configure and troubleshoot them.
FortiManager is the best choice for managing numerous FortiGate firewalls. It allows for easy integration into ServiceNow and automates simple repetitive tasks that are very straightforward. Role-based access control is easy to enable and you can get quite granular with user permissions. Administrative Domains help segregate firewall management and compliance within the FortiManager console, by almost any classification method that makes sense to your organization.
It's a very straightforward and user-friendly tool that has enhanced the total detection of malware and other threats t from intrusion into our network.
Provides stable deep network scanning, security visibility, and protection from unauthorized access.
The platform modular allows us to deploy across multiple budget cycles.
