Cisco Secure Firewall (formerly Cisco Firepower NGFW) is a firewall product that integrates with other Cisco security offerings. It provides Advanced Malware protection, including sandboxing environments and DDoS mitigation. Cisco also offers a Next Generation Intrusion Prevention System, which provides security across cloud environments using techniques like internal network segmentation. The firewall can be managed locally, remotely, and via the cloud. The product is scalable to the scope of…
N/A
Untangle NG Firewall
Score 9.4 out of 10
N/A
Untangle NG Firewall is an open-source firewall and gateway security platform. It offers a free core firewall platform with paid add-ons, and a cloud-based management platform with a variety of deployment options for smaller teams.
Sometimes it is really hard to handle. There are so many bugs especially when it comes to ACL or HA creation. Sometimes the Cisco Secure Firewall just needs a restart in order to work but that shouldn't be like that in our environment the Cisco Secure Firewall is the heart of the network and if the Cisco Secure Firewall is down the whole branch is down, for that we need a more reliable product.
Untangle is very strong in the "traditional" sense of security. That means an edge appliance that either works with an existing router or is the router itself (recommended). This approach has also been adapted well to cloud environments in order to protect virtual servers and VDI workstations. As mentioned earlier, many schools are using cloud-based filtering for their 1:1 solutions for their students. This is an area where Untangle is unable to serve. Some have used an instance of Untangle in the cloud with VPN to serve their remote needs, but it is not the same as solutions that are designed for cloud-based filtering of devices without VPN.
How the firewall works well is normally the firewall is protecting the secure network for the internal network to prevent the attack from external network. normally for the ISP customer, we usually filter the firewall polices only for the server farm, server farm because normally in ISP is the customer doesn't want to be filtered. So only for the server farm, they need the firewall for the enterprise like banking and for the DDoS attack, like the malware attack, something like that. And then sometimes it's some customer in ISPalso, they got the many DDoS attack and then they are using the public ip. When there are using the public ip, they need to protect their ip. So they need to use the firewall. So the firewall is essentially needed. many attackers and many, many things, terrible things have been to the network which has large impact..
Web Filtering is strong, and can also do application fingerprinting to allow Facebook, but not Facebook games. Secondly, a separate partition called a "rack" can be set up to give one subnet or group of users different web filtering policies than another. For example, teachers would get more freedom to browse the web than students at a school.
Built-in SD-WAN connectivity as part of your license. IPSEC tunnel creation is also amazingly easy.
Will install on any x86 hardware created in the last 5-10 years. Ram and processor requirements per user are very low.
Reporting is phenomenal, however you can get death by details very easily.
The UI in Cisco Firepower formerly Sourcefire) is complicated and entirely redundant. A lot of these features are not useful, and therefore, it can be removed from the main window.
The interface is very slow, with each operation taking a lot of time. Searching through the logs takes too much time.
The full suite can be expensive for business but will be powerful enough.
The full suite for home or small office isn't that bad of a price but may be out of reach for most home users but remember the basics are FREE so anyone can get started with it.
I would like to see it promoted for mid to large businesses as I think it can handle it.
It works really well. We can do most anything we want or need to with it, and you don’t have to have a doctorate or multiple certs to necessarily figure it out. The thing that would probably have to happen to make us switch would be if we just got priced out - Cisco’s more powerful and higher bandwidth models cost a pretty penny.
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use
We have had really good success with Cisco Secure Firewall when it comes to availability. Even when we’ve had temporary issues with one appliance or the other, or with the Firewall Management Center, it has stayed up and defended our network diligently. We even had an issue where the licensing got disabled for multiple days, and it kept spinning like a top
Customer service has been great. TAC has been mostly able to identify and fix problems that we may have and have been very responsive. If for some reason something isn't fixed right away, they have been adamant on staying with us and working the issues out before things get escalated up the chain.
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a manner of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster then it was but there's still room for improvement.
We use the FMC as a virtual machine, it combines administration, monitoring and can be used perfectly for error analysis. There are restrictions due to administration without the FMC, so we decided on the FMC as the central administration.
NG Firewall was much more friendly in terms of layout and ease of use, the apps section is familiar to anyone and the config while in a sort of odd order is very clearly laid out. I also appreciate Untangle's endless educational videos and the support can't be beat. Overall it was more of a complete package
The positive is the savings in time the IT department has recouped by not having to continuously clean and maintain end point computers. Not to mention helping end user use their time more wisely by not wasting time on non-work related web activities.
The only negative is complaints from end users about the restrictions.
