Cisco Firepower NGFW (formerly Sourcefire): The nextGen Solution
January 29, 2020

Cisco Firepower NGFW (formerly Sourcefire): The nextGen Solution

Kuntal Das | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version


Overall Satisfaction with Cisco Firepower NGFW (formerly Sourcefire)

Cisco Firepower NGFW (formerly Sourcefire), as we call it, is being used by our Department for managing the security of our campus. The primary reason behind using it is to trigger alerts when there is an intrusion activity on our perimeter or even within our boundaries. Cisco Firepower NGFW (formerly Sourcefire) gives us a detailed report of suspicious packets going through it. These reports provide insight into the daily flow of malicious traffic on our network, university computers that show suspicious behavior, intruders trying to scan our network, users downloading/uploading malicious files, etc. It increases the visibility of our cyberinfrastructure, thereby helping us to secure it.
  • Cisco Firepower NGFW (formerly Sourcefire) shows a very detailed report of traffic that it finds as malicious. From Capturing Pcaps to generating analytics corresponding to an incident it makes it very easy for us analysts to decide the next steps.
  • Cisco Firepower NGFW (formerly Sourcefire) has search functionality that allows us to go very specific while on the managing window, unlike Palo Alto Panorama.
  • The UI in Cisco Firepower formerly Sourcefire) is complicated and entirely redundant. A lot of these features are not useful, and therefore, it can be removed from the main window.
  • The interface is very slow, with each operation taking a lot of time. Searching through the logs takes too much time.
  • Cisco Firepower (formerly Sourcefire) helped us to detect a lot of malware that was downloaded by some users within our network. A lot of them are backdoor for potential ransomware.
  • Once, it detected lateral movement of a ransomware within our network and helped us in containing and destroying it before it spreads, saving thousands of dollars worth of data.
Snort is an excellent tool for signature-based intrusion detection. Cisco Firepower NGFW (formerly Sourcefire) uses Snort under the hood. This makes it a potent detection tool with almost no false positives. When it comes to Comparison, it is at par with Palo Alto Panorama in terms of the only detection.
However, Panorama beats Cisco Firepower NGFW (formerly Sourcefire) because it provides a whole lot of features and is much faster at all scales of usage at a lower price.
Cisco support is not at all suitable for this product, at least. It takes a long for them to help us with our server issues. A lot of the time, the customer support person keeps on redirecting calls to another person. They need to be well versed with the terminologies of the product they are supporting us with. Support needs a lot of improvement. Cisco Fire Linux OS, the operating system behind Cisco Firepower NGFW (formerly Sourcefire), also doesn't receive regular patches. In short, average customer service.

Do you think Cisco Secure Firewall delivers good value for the price?


Are you happy with Cisco Secure Firewall's feature set?


Did Cisco Secure Firewall live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Cisco Secure Firewall go as expected?

I wasn't involved with the implementation phase

Would you buy Cisco Secure Firewall again?


Cisco Firepower NGFW (formerly Sourcefire) is suitable for scenarios where the organization has tonnes of data, i.e., a large scale. It does have lag and slow UI, and therefore it loses to its competitors. However, when the scale of data is enormous, the slow UI becomes less prominent as large data flow affects its competitors as well. Although time-consuming, the detection system of Cisco Firepower NGFW (formerly Sourcefire) is appreciable with very few false positives as it uses "snort" underneath. A good log analyzer like LogRhythm or Splunk, coupled with Cisco Firepower NGFW (formerly Sourcefire), makes it a great duo. But organizations having this IDS and no log analyzer makes it very difficult for the security analysts to do incident response because of its slow UI. Looking at its pricing and shortcomings, it makes less sense for small scale organizations with a limited budget to adopt it.

Cisco Secure Firewall Feature Ratings

Identification Technologies
Visualization Tools
Content Inspection
Policy-based Controls
Active Directory and LDAP
Not Rated
Firewall Management Console
Reporting and Logging
Not Rated
High Availability
Stateful Inspection
Proxy Server