3 Replies Latest reply on Oct 19, 2017 9:17 AM by rschroeder

    OT - Cisco Firepower? - network peeps

    pseudocyber

      Off-topic for NPM - but figured this is where the network peeps might see the question - Does anyone use Cisco Firepower IPS?  We're thinking about various IPS solutions, and I'd like to find someone with some Firepower experience.

      Thanks.

        • Re: OT - Cisco Firepower? - network peeps
          rschroeder

          We're using it.  Our Info Sec team seems impressed.  The learning curve is steep, but the GUI seems pretty fast.

            • Re: OT - Cisco Firepower? - network peeps
              pseudocyber

              We're still at it.  Weighing Palo Alto vs. Checkpoint.  I think Palo Alto is in the lead.

                • Re: OT - Cisco Firepower? - network peeps
                  rschroeder

                  We've had to move away from the idea of "best of breed" and move towards fuller integration, so it's getting to be more and more Cisco hardware, from UCS chassis hosting a LOT of servers/apps to wireless Access Points, to Meraki home networking to work, to all our switches & routers.

                  When I looked at Palo Alto, I liked what they had, but it was more niche-oriented than my organization wanted.  Eventually (after twelve years) I gave up the good fight against ASAs and now I have 70 of them.  They serve their purpose well enough, and they're only getting better.  But they're not cheap (well, Cisco can prove they ARE the least expensive firewall on the market--right up until you need to add decent IPS and content filtering and SIEM logging, etc.--all of which were handled in one pair of Sidewinders for most of my tenure here) after you get all of the necessary external add-ons and the support contracts.

                  On the other hand, Checkpoint and Palo Alto aren't giving their top-end corporate firewalls away for free, either.


                  I was waiting anxiously for the F5 firewalls to come of age--it made sense to put a choke point / control on the load balancers.  When I last looked at it (quite some time ago), F5 firewalls weren't ready for prime time yet, but that probably has changed by now.