Item: Cisco Secure Firewall Management Center
Rating: 7
Author: Verified User

Use Cases and Deployment Scope

Cisco Secure Firewall Management Center [(formerly Firepower Management Center)] is being used by the Network Administrators and Engineers to protect the company and its remote locations at the edge (i.e. the Internet) as well as providing the remote access VPN via Cisco AnyConnect. It's managing one pair of Cisco FTD firewalls running 6.6.0+. These were deployed when replacing a managed service provider that caused challenges when managing the internet connection, bandwidth, security, and remote-access VPN. This is not currently being used for site-to-site VPN, as it wasn't capable of route and policy-based VPN at the time of purchase.

Pros and Cons

Firewall rule management
Graphical representation of data
Remote access VPN management

Stability when managing firewalls, we're having issues with Firewall 01 and Firewall 02 remaining in sync
Reporting when it comes to access control policy rules - there is no way to export a report of the rules easily. Using a custom Python script on the Cisco forums is the only way to easily export a CSV.
Support for policy and route-based site-to-site VPN was not available until 6.6.0 and later. This forced us to purchase ASAs to bridge that gap.
Dashboard reporting - when clicking a link for more information, nothing displays. Currently working with Cisco on the support case, which has been escalated.

Return on Investment

We are able to more easily manage the firewalls and their rules via the UI versus relying on an MSP.
We were not aware of the site-to-site capability limitations when purchasing, so we had to purchase additional hardware to repair that issue at the time.
The API does make it easy to build multiple rules, objects, etc. in bulk, and we have used it quite a lot. This prevents tedious and typo-prone tasks from occurring on the regular.
Multiple cases have been required for issues with the firewalls and the management center.

Alternatives Considered

Fortinet FortiGate and Palo Alto Networks Next-Generation Firewalls - PA Series

We selected Cisco due to the availability and reputation of their products. We had checked a few others, and found issues that may or may not have affected our company negatively. Cisco's devices, however, have proven to have their own issues and challenges.

Key Insights

Do you think Cisco Secure Firewall Management Center delivers good value for the price?

Yes

Are you happy with Cisco Secure Firewall Management Center's feature set?

Yes

Did Cisco Secure Firewall Management Center live up to sales and marketing promises?

Did implementation of Cisco Secure Firewall Management Center go as expected?

Yes

Would you buy Cisco Secure Firewall Management Center again?

Yes

Other Software Used

SolarWinds Service Desk (SSD), Microsoft System Center, Cisco Jabber

Likelihood to Recommend

[Cisco Secure Firepower Management Center (formerly Firepower Management Center)] is a good replacement to have next-generation firewalls to replace Cisco ASAs if the business wants to stick with Cisco gear. There are issues with pairs of firewalls remaining in sync, site-to-site VPN support on versions pre-6.6.0, being able to dial down into dashboard graphs, as clicking a link takes you to a page with no results, and deploys are slow when comparing to typing commands into an ASA CLI, as it can take multiple minutes for one configuration change.

Firewall Management With Some Issues

Overall Satisfaction with Cisco Secure Firewall Management Center (formerly Firepower Management Center)