Tired of CLI? Move up to Firewpower
July 13, 2021

Tired of CLI? Move up to Firewpower

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

Software Version

Other

Overall Satisfaction with Cisco Secure Firewall (formerly Firepower NGFW)

Version information: Firepower NGFW 2110

We currently use two [Cisco Secure Firewall (formerly Firepower 2110 )]in a HA Pair for a large department in our organization. It handles the North/South traffic as well as the VPNs for about a dozen offices. We use it in conjunction with the Cisco FMC. We moved from ASAs to these last year and the shift was to include the NGFW features that we were missing out on with the ASAs. Additionally, the modern GUI interface is a significant step up from the CLI of the ASAs.
  • Updates with the HA Pair are incredibly easy and automated
  • FMC with Firepowers provide a single place to view information about devices and connections
  • Tedious policy changes can be staged during the working hours and then deployed in one click after hours
  • Part of the update process is a readiness check, it cannot be done on an HA Pair. Navigation through several layers of CLI are required to do this.
  • Custom OS detection has been clunky at best; NMAP scans need improving.
  • Better integration/communication with Cisco's other products like AMP and Umbrella
  • Elimination/consilidation of 200+ dead access policies
  • Service interruptions reduced to less than 1 per month
  • False positive alerts down overall

Do you think Cisco Secure Firewall delivers good value for the price?

Yes

Are you happy with Cisco Secure Firewall's feature set?

Yes

Did Cisco Secure Firewall live up to sales and marketing promises?

Yes

Did implementation of Cisco Secure Firewall go as expected?

Yes

Would you buy Cisco Secure Firewall again?

Yes

Cisco Secure Endpoint (formerly Cisco AMP), Cisco Umbrella, Cisco Identity Services Engine (ISE)
We use [Cisco Secure Firewall (formerly Firepower NGFW)] in a spoke and wheel setup for a multitude of offices that rely on high uptime and count on no tunnel interruptions. The Firepowers have done really well here.

They are not suited for smaller environments or deployed at one per office. They do not profile a network well.

Cisco Secure Firewall Feature Ratings

Identification Technologies
4
Visualization Tools
9
Content Inspection
7
Policy-based Controls
10
Active Directory and LDAP
8
Firewall Management Console
10
Reporting and Logging
8
VPN
9
High Availability
10
Stateful Inspection
10
Proxy Server
Not Rated