Cisco offers the Firepower 2100 Series NGFW, designed to allow businesses to gain resiliency through superior security with sustained performance. The Firepower 2100 Series has a dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously, to achieve security doesn’t come at the expense of network performance.
N/A
SonicWall TZ
Score 7.2 out of 10
N/A
SonicWall TZ is an entry to mid-tier NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
The Cisco [Firepower] 2100 [Series] is an easy sell for anyone looking. You already know Cisco excels in the security department, but now that firepower lives right on the box and inline with the rest of the firewall data flow you can save yourself a lot of time and headaches. Unless you cant quite afford Cisco's 2100 line, there's not much reason to go with the competition.
Good price for scope of functionality Challenge for those that are not highly technical Many options within Firewall Setting that need to understood to maximize use of the device. Would be nice to see some sort of configuration wizard to assist in configuring unit.
Career-wise very familiar with the ASAs, you know, the previous gen firewalls, Pyxis, ASAs, the CHA. As far as being intuitive, those seem to be far more intuitive to learn and figure out what the features and changes and config management, all that stuff is. With Firepower, it's a learning curve and I feel like I have quite a bit of experience with it, and so does my team, but feels like it's not as intuitive, and trying to make changes just always seems harder for some reason. We've gone to some Cisco security training and all that, but even then it's just harder to work with. The other big thing is, and this is a big gripe of mine, I suppose, that on any other firewall, when we have various different manufacturers, if you make a change, you know, a simple change object, object name gets changed or object is deleted or whatever the simplest of change is, it gets implemented instantly.
With the Firepower system, you have to deploy the change and it'll take about six or seven minutes for the change to actually take, which is insanely different than any other platform where that change is instantaneous. So let's say if I'm making seven different changes for a troubleshooting job I don't know which one of the seven is gonna fix it, I do one by one by one. I'm like, oh, let me try one change, one second, change, third change, four changes. It's going to take seven deploys. And seven deploys mean it's gonna take an hour of just deploy time. So that is a big, big gripe
management is confusing has many items that could be improved to facilitate the work to the network administrator
in the diagnostic tool I would improve the response times, that is, if a ping test is required, it should be quick, since in cases of failures it is sought to minimize the impact as much as possible.
each function has a different license item, I would place a single license package for all team functions
Overall the new interface is very logical and easy to navigate. We did struggle at first coming from the older interface and finding our way around the new. But our new users found it very simple to find what they were looking for. One negative we do all struggle with is packet cpature not always being clear how its set/what is being monitored. this could do with more information on teh intial page instead of having to look for it
Once you get to a competent technician the support experience is better. But I have found that the lower tiers of support are very slow to respond (like 1 email per day) and you typically have to re-explain yourself a couple times before they get it. I have not used Phone support, and that may be a better experience.
SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.
It's keeping threats out like a firewall should. Definitely cost wise it is at a higher cost center than other alternatives. Especially when it comes to licensing. Cisco is generally the higher, for perhaps, definitely for good reason, right? I mean, definitely positive impact as far as working as it should that's at cost.