Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
N/A
PRTG
Score 8.7 out of 10
N/A
PRTG Network Monitor is the flagship offering from German software company Paessler, for monitoring local and wide area networks (LANs & WANs), servers, websites, apps, and more.
Well suited any edge kind of protection, which is obviously, again, what firewalls really used for. Less suited if you need more detailed protection, more granular, shall I say it's a better word, more granular protection. The ability to filter not just on IPS and ports, but a much deeper look at the packets and do that.
integrates seamlessly with Windows servers via WMI and PowerShell, providing deep insights into resource usage, performance metrics, and system health. It's excellent at tracking CPU, memory, disk space, and event logs, enabling rapid troubleshooting and proactive maintenance. PRTG Network Monitor also effectively monitors Fortigate devices, providing detailed data on firewall health, traffic patterns, bandwidth utilization, VPN status, and security alerts. This visibility helps detect and resolve network security issues promptly.
It's been a big change for us because like I said, we've been using it about a year, I think. And we went from ASAs to this, so it was a big changeover from being able to do everything in CLI honestly, it's a bit clunky and more time consuming to have to configure things through the Gooey, which has been a pain point for us. But we've tried to automate as much as we can. What it does well is the analysis. The event, not event viewer, but unified event, that's what it is. Handy tool. Also the tunnel troubleshooting the site to site tunnel monitoring or troubleshooting, I can't remember what it's called. It's pretty good too. It's nice how it has some predefined commands in there. I'd say those are probably the things we like about it the most.
I have one argument, failover scenario. It's not quite easy. Failover scenario of firewalls. It's sometimes not quite easy to know the issue. But if we open a tech case, a technical case to Cisco, Cisco will help us, it's a little bit con, but we are happy with this product.
Licensing on a per entity basis can be cumbersome for devices which have a ton of monitoring points like network switches\routers. Each sensor may count against a license, which could be a lot of you were monitoring every TX\RX of an SFP for example
A better method to easily template\copy monitors across devices
The navigation in the web GUI could be a little more straightforward in terms of the hierarchy
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
I would renew it because the platform has brought us many technical and economic benefits that make the cost-benefit ratio very good. Additionally, to do so does not require large investments in training, licensing or infrastructure, and at the administration level, extensive knowledge is not required to be able to bear it.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
The tool is very intuitive to use and it is Windows-based (everybody knows how to use Windows) so it's easy to get into. Every time is setup in a hierarchy so if you have a good initial hierarchy design, it will really reduce administrative effort down the road.
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Cisco support is not at all suitable for this product, at least. It takes a long for them to help us with our server issues. A lot of the time, the customer support person keeps on redirecting calls to another person. They need to be well versed with the terminologies of the product they are supporting us with. Support needs a lot of improvement. Cisco Fire Linux OS, the operating system behind Cisco Firepower NGFW (formerly Sourcefire), also doesn't receive regular patches. In short, average customer service.
PRTG does everything we need it to do and more. Ease of use, ease of management and maintenance and clarity of monitoring of hundreds of different types of device and service gives this a large advantage over other products on the market that I have tried. I would definitely recommend it to anyone who needs a network monitoring product in their environment and even to people who don't know they need a solution yet!
was a good training but questions was answered not so good. Training was "Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF)".
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a manner of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster then it was but there's still room for improvement.
It's very important that de project's teams have different member of the TI. We have learned too late the importa of Security Analyst at the design architecture moment. We have to rebuild part of the implementation for made this big mistake.
I think the Cisco product is probably pretty much equal now. I would love to say that Cisco is way more advanced or whatever, but Palo Alto, they just focus solely really on firewalls. And before Cisco came out with the FTD, the ASAs would only do layer four. So that's one of the reasons why that we purchased the Palo Alto is because they would do layer seven. And when we went to the FTDs, since they do layer seven as well, we just wanted to have different layers of security with our firewalls. So we just put the Palo Altos behind the Ciscos in case that there was anything that the Ciscos didn't catch, the Palo Altos would.
PRTG offers more versatility in monitoring when compared to the other solutions we tested. The other solutions were also limited as far as customization options, which made them less adaptable to our networks. When compared to Auvik, for instance, we prefer PRTG as it offers immediate notifications through the desktop client - not limited to email notifications as with Auvik. We also appreciate the fact that PRTG can be self/on-prem hosted vs Auvik's cloud model. This makes for an easier deployment and less firewall adjustments to allow traffic to cloud-hosted solutions.
Some patching for zero day exploits have resulted in bugs causing downtime, meaning decision between vuln patching or risk of downtime needs to be discussed.
Peace of mind that the device will receive continued upgrades and with a quick turnaround.
Ability to use TAC for issues.
Ease of hiring candidates with experience in product line.
The ability to analyze multiple pieces of information in one place, especially with historical data, has saved our IT department time and headaches. It would be so much more difficult to trace an issue without PRTG, just relying on event logs and an open task manager window.
The cost is not cheap, so it's an expense that hits the bottom line like everything else. Figure in hardware costs as well, ideally a server outside of your main environment.
I keep saying this, but the historical data piece is worth so much. There's really no good way to collect all of that information in one place without something like PRTG. And that definitely saves time and money in the long run.
