Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
N/A
Juniper MX Series
Score 6.2 out of 10
N/A
Juniper Networks describes their MX series as a robust portfolio of SDN-enabled routing platforms that provide system capacity, density, security, and performance with longevity. MX Series routers support digital transformation for service providers, cloud operators, and enterprises.
Well, I mean it is really meant for the edge. I think maybe some of the smaller models you could maybe use at your, if you have remote workers where you wanted to protect their environment more than in their home network or whatever, but for us, we've always use the enterprise versions.
It is well suited as a WAN/Internet Edge device. It is easy to configure BGP, contexts and routing instances. Its suite of tools has saved our organization money by being able to provide services (tag stacking, for example) that our provider would normally charge us more for. Due to interface cost this would not be appropriate as a LAN aggregation device.
It's been a big change for us because like I said, we've been using it about a year, I think. And we went from ASAs to this, so it was a big changeover from being able to do everything in CLI honestly, it's a bit clunky and more time consuming to have to configure things through the Gooey, which has been a pain point for us. But we've tried to automate as much as we can. What it does well is the analysis. The event, not event viewer, but unified event, that's what it is. Handy tool. Also the tunnel troubleshooting the site to site tunnel monitoring or troubleshooting, I can't remember what it's called. It's pretty good too. It's nice how it has some predefined commands in there. I'd say those are probably the things we like about it the most.
Sometimes it's the limitation of the throughput or limitation of the firewall. One DDoS attack they have the bandwidth capacity is very little. And then once there is DDoS attack. Many not only the firewall can protect that they need to take action further at the Upstreaming Provider, that side with the bigger pipe bandwidth for protecting the attack. Not only the firewall can prevent,. Yes. So sometimes firewalls still have the limitation and then need to do any additional monitoring or something. But we can do that with the ideas and IPS, but required to have the bigger pipe to protect DDos Attack, for example the bandwidth from the upstream network as well. I mean when many DDos Attack comes with big bandwidth, not only firewall can protect, but also the blackholing the traffic from upstream providers who has bigger bandwidth DDos mitigation services.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Cisco support is not at all suitable for this product, at least. It takes a long for them to help us with our server issues. A lot of the time, the customer support person keeps on redirecting calls to another person. They need to be well versed with the terminologies of the product they are supporting us with. Support needs a lot of improvement. Cisco Fire Linux OS, the operating system behind Cisco Firepower NGFW (formerly Sourcefire), also doesn't receive regular patches. In short, average customer service.
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a manner of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster then it was but there's still room for improvement.
We use the FMC as a virtual machine, it combines administration, monitoring and can be used perfectly for error analysis. There are restrictions due to administration without the FMC, so we decided on the FMC as the central administration.
We preferred Juniper over Cisco for our WAN/Internet routing needs for a number of reasons. First was the price, the Juniper offering was much more competitive than Cisco's. Secondly, was feature set, Juniper's implementation of routing protocols, routing tables, and forwarding options are better thought-out than Cisco's (not to mention Juniper's longstanding use of commit/confirm/rollback features, which Cisco has only started to use recently, and only on some of their products).
I hope this answers the question, but we have the conversation about costs on equipment and lead times have been getting better with firewalls, but those two were the main things that have affected ROI, I think for us. That makes them go to other distributors or even other vendors because they need the products quickly. If it's too costly or the lead times too high, then they'll just go elsewhere.
Its flexible architecture and configuration styles has saved our organization money by providing feature we would have otherwise needed to purchase from our ISPs.
It has a long and healthy lifecycle, with potential upgrades for more performance if needed. (This helps alleviate the downtime associated with chassis replacement.)
The only drawback is some of the highest throughput interfaces are expensive.