Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
N/A
pfSense
Score 9.2 out of 10
N/A
pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
pfsence is a very complicated firewall and there is lots of documentation available on Cisco website for help. The configuration is very difficult and less documentation available. Cisco Secure Firewall provides us all the security features in low cost and this is very easy to …
Sometimes it is really hard to handle. There are so many bugs especially when it comes to ACL or HA creation. Sometimes the Cisco Secure Firewall just needs a restart in order to work but that shouldn't be like that in our environment the Cisco Secure Firewall is the heart of the network and if the Cisco Secure Firewall is down the whole branch is down, for that we need a more reliable product.
Because pfSense is built around open source software, it is very convenient to be able to deploy in the event of hardware failure. We once had a client with a proprietary router that failed. While the router was under warranty, the expected time for the new router to arrive was about 2 weeks. We decided to implement pfSense for the client as a stop gap and ultimately ended up deploying the full enterprise appliance. Being able to get up and running using commodity hardware was a huge win for the client. We've also had a great amount of success deploying pfSense hardware at apartment complexes. The DNS resolver works great and we've had no issues handling multiple VLANs with various DHCP scopes on it. Finally, we've had clients that require having a failover cluster. Utilizing the built in CARP capabilities, we've been able to provide a very robust failover system that requires little maintenance and no downtime in the event of equipment failure.
How the firewall works well is normally the firewall is protecting the secure network for the internal network to prevent the attack from external network. normally for the ISP customer, we usually filter the firewall polices only for the server farm, server farm because normally in ISP is the customer doesn't want to be filtered. So only for the server farm, they need the firewall for the enterprise like banking and for the DDoS attack, like the malware attack, something like that. And then sometimes it's some customer in ISPalso, they got the many DDoS attack and then they are using the public ip. When there are using the public ip, they need to protect their ip. So they need to use the firewall. So the firewall is essentially needed. many attackers and many, many things, terrible things have been to the network which has large impact..
Easy to use. Good user interface design! Easy to understand and easy to set up.
Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.
The UI in Cisco Firepower formerly Sourcefire) is complicated and entirely redundant. A lot of these features are not useful, and therefore, it can be removed from the main window.
The interface is very slow, with each operation taking a lot of time. Searching through the logs takes too much time.
I did kind of mention a Con in the Pro section with OpenVPN.
When I create a config for an employee other employees are able to login to that config.
I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Customer service has been great. TAC has been mostly able to identify and fix problems that we may have and have been very responsive. If for some reason something isn't fixed right away, they have been adamant on staying with us and working the issues out before things get escalated up the chain.
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a manner of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster then it was but there's still room for improvement.
We use the FMC as a virtual machine, it combines administration, monitoring and can be used perfectly for error analysis. There are restrictions due to administration without the FMC, so we decided on the FMC as the central administration.
While you can get the performance out of other products, pfSense offers the unique ability to put other services on the same device. Products such as Untagle's NG Firewall and SonicWall's TZ series offer cost effective options for firewall and VPN services, having incoming load balancing and connection proxies on the same device as the firewall offers extremely easy configuration and day to day management of network services
Using pfSense has allowed us to build a professional network in our small office without needing a lot of proprietary hardware, saving thousands of dollars in IT infrastructure investment.
The cost for using pfSense is free, so it's a great option for those who don't have a large IT budget
pfSense utilizes all of the industry standard services to provide all of it's functionality, so support for service-level issues is readily available
Because of how much work has been put into pfSense to make it rock solid and reliable, we're able to support our network with minimal IT staffing, saving us thousands of dollars/year in personnel alone.
