Tired of CLI? Move up to Firewpower
July 13, 2021

Tired of CLI? Move up to Firewpower

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

Software Version


Overall Satisfaction with Cisco Secure Firewall (formerly Firepower NGFW)

Version information: Firepower NGFW 2110

We currently use two [Cisco Secure Firewall (formerly Firepower 2110 )]in a HA Pair for a large department in our organization. It handles the North/South traffic as well as the VPNs for about a dozen offices. We use it in conjunction with the Cisco FMC. We moved from ASAs to these last year and the shift was to include the NGFW features that we were missing out on with the ASAs. Additionally, the modern GUI interface is a significant step up from the CLI of the ASAs.
  • Updates with the HA Pair are incredibly easy and automated
  • FMC with Firepowers provide a single place to view information about devices and connections
  • Tedious policy changes can be staged during the working hours and then deployed in one click after hours
  • Part of the update process is a readiness check, it cannot be done on an HA Pair. Navigation through several layers of CLI are required to do this.
  • Custom OS detection has been clunky at best; NMAP scans need improving.
  • Better integration/communication with Cisco's other products like AMP and Umbrella
  • Elimination/consilidation of 200+ dead access policies
  • Service interruptions reduced to less than 1 per month
  • False positive alerts down overall

Do you think Cisco Secure Firewall delivers good value for the price?


Are you happy with Cisco Secure Firewall's feature set?


Did Cisco Secure Firewall live up to sales and marketing promises?


Did implementation of Cisco Secure Firewall go as expected?


Would you buy Cisco Secure Firewall again?


Cisco Secure Endpoint (formerly Cisco AMP), Cisco Umbrella, Cisco Identity Services Engine (ISE)
We use [Cisco Secure Firewall (formerly Firepower NGFW)] in a spoke and wheel setup for a multitude of offices that rely on high uptime and count on no tunnel interruptions. The Firepowers have done really well here.

They are not suited for smaller environments or deployed at one per office. They do not profile a network well.

Cisco Secure Firewall Feature Ratings

Identification Technologies
Visualization Tools
Content Inspection
Policy-based Controls
Active Directory and LDAP
Firewall Management Console
Reporting and Logging
High Availability
Stateful Inspection
Proxy Server
Not Rated