Likelihood to Recommend
If you are already using [a] Cisco product like the
Series and you need more security on layer 7 then you can upgrade with firepower. This is well suited for middle and big organizations. If your company deals with credit card information then you should buy this firewall. It provides you all the features to stop any type of advanced attack on your organization.
WatchGuard XTM comes in different models, so you can choose the model best suited for your company size. I think it works well in small as well as very large networks. I have not used this feature, but you can create a "FireCluster" to connect member devices of the same model if you need to put multiple WatchGuard XTMs in your environment. Coming from command line, it took a little adjusting to learn which screen to use to set up the different rules. Once you understand how to set up policies, it is simple to create more. New firewall administrators would appreciate the ease of creating policies, and expert administrators should find everything they need plus extra features.
Pros
Cisco Firepower NGFW (formerly Sourcefire) shows a very detailed report of traffic that it finds as malicious.
From Capturing Pcaps to generating analytics corresponding to an incident it makes it very easy for us analysts to decide the next steps.
Cisco Firepower NGFW (formerly Sourcefire) has search functionality that allows us to go very specific while on the managing window, unlike Palo Alto Panorama.

Proxy filter.
Link redundancy.
Security.

Cons
Support for native VXLAN
CLI support on the FTDs
Support for all the BGP features, there are commands that show issues with network subnets being received or advertised. Show BGP neighbor x.x.x.x received-routes This shows an issue that soft-inbound is not applied when it is applied.

Support can be hard to work with. While they are typically knowledgeable, there can be a language barrier. Also, most troubleshooting seems intrusive which is a problem in a production environment.
The throughput of the cheaper models leaves something to be desired.
Have had some issues running VOIP behind these, but have not been able to narrow down the issues to the phone provider or WatchGuard yet.

Likelihood to Renew
There are other vendors on the market with highly complimented solutions and based on the feedback received by fellow engineers using them in production in their organizations it sounds like something worth paying attention to. Proof of concept and feature comparison with Cisco Secure Firewall would be the next potential step. Overall, the user experience with ease of management of solutions might be the key here.
Usability
Solution is highly effective, offers a lot of features with constant improvements and additions of new features over time. It's relatively easy to get familiar with the system, especially if transitioning from adaptive security appliances. If this is not the case, as for learnability there's a learning curve but once learned it is relatively easy to remember the details about the system even after a period of non-use.
Reliability and Availability
As for the availability, in general we did not experience any issues with it, neither in situations where there's only one physical device implemented nor when there's a High Availability pair. Failover works like a charm, no complaints here, it works as it should and so far it has been highly reliable.
Support Rating
Customer service has been great. TAC has been mostly able to identify and fix problems that we may have and have been very responsive. If for some reason something isn't fixed right away, they have been adamant on staying with us and working the issues out before things get escalated up the chain.
Implementation Rating
In the beginning transition from Adaptive Security Appliance to Cisco Secure Firewall did not look like the best choice. Solution was new, there were a lot of bugs and unsupported features and the actual execution in the form of configuration via Firepower Management Center was extremely slow. Compare configuring a feature via CLI on ASA in a matter of seconds (copy/paste) to deployment via FMC to Secure Firewall which took approx. 10 mins (no exaggeration). Today, situation is a bit different, overall solution looks much more stable and faster than it was but there's still room for improvement.
Alternatives Considered
We've selected the Cisco Secure firewall as there is full Layer 7 functionality. You get more features out of the box so to speak with full application visibility and control, Intrusion Prevention, SI (Security Intelligence), Advanced Malware Protection and a whole host of other features. Although some of these are available in Meraki, the Cisco Secure Firewall goes into the next level.
Again, WatchGuard is priced much lower than other vendors in its space. It may not have some of the bigger features such as Layer 7 awareness. It's more simple to manage and provides IT staff the time to work on other tasks versus time spent to create complex rule sets.
Return on Investment
Cisco Secure Firewall has provided a single management interface for all of our devices.
We have had issues implementing 1010 in HA where a site was using a dynamic IP previously.
Lack of DHCP options has slowed deployment to our smaller sites.

Easy to set up and connect firewalls
Easy to set up branch tunnels
Less time spent training