Item: Cisco Firepower 4100 Series
Rating: 10
Author: Charles Lund

Use Cases and Deployment Scope

We use two of them, in HA, to monitor and manage our network security for all of our internal network. We were the victim of a ransomware attack in 2021, and needed to upgrade our network's security significantly. We use the firepowers for policy management, VPN security, site-to-site and remote access tunnels, network monitoring, etc... It, in conjunction with several other Cisco products like Umbrella, Stealthwatch ISE and SecureX have significantly impacted our network security, and provided us with incredible visibility of what is going on in our environment.

Pros and Cons

Policy management in the GUI. I'm old-school, and still create ACLs in the CLI, but using the GUI for this is very nice.
Event monitoring and reporting is great, and you can get very granular when it comes to what information you are viewing.
I really like the troubleshooting features that are built in, especially the packet tracer and the ability to generate and download a troubleshooting package to review or send to TAC.

The failover process is clunky. When out FortiGate firewalls failed over, we lost 1 ping. When our Firepowers failover, whether it is on purpose or not, we experience a 2.5 minute complete outage.
Cisco could stand to improve their support documentation. I have found it difficult to find good directions for configuring these, especially when it comes to NAT and IPSEC tunnels.

Return on Investment

We feel much more confident in our security.
Management is easily done, which reduces the amount of time it take to implement new policies.
Troubleshooting has become easier because of the GUI and the built-in tools.

Alternatives Considered

Fortinet FortiGate

As I mentioned before, the Fortigates have better failover. I think the Cisco interface is easier to use that that of the FortiGate. My only criticism would be that with multiple CLIs, it can get a bit confusing when you are trying to configure something or troubleshoot from the CLI.

Key Insights

Do you think Cisco Firepower 4100 Series delivers good value for the price?

Yes

Are you happy with Cisco Firepower 4100 Series's feature set?

Yes

Did Cisco Firepower 4100 Series live up to sales and marketing promises?

Yes

Did implementation of Cisco Firepower 4100 Series go as expected?

Would you buy Cisco Firepower 4100 Series again?

Yes

Other Software Used

Cisco Catalyst 9300 Series Switches, Cisco Aironet and Catalyst Access Points, Cisco Meraki Insight

Likelihood to Recommend

I'm not sure. I think they would be useful in any environment where a powerful, next-gen firewall should be used. The 4100s are quite expensive, with massive capabilities, so I don't think they'd be suitable for small organizations, but for our college, they are perfect.

Cisco Firepower 4100 Series Review

Software Version

Overall Satisfaction with Cisco Firepower 4100 Series