Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11256
Views
0
Helpful
2
Replies

ASA FirePower vs Palo Alto and Checkpoint

AmziUK
Level 1
Level 1

‎02-04-2015 12:15 PM - edited ‎03-11-2019 10:27 PM

I'm in the market for a NGFW and was wondering where people are with their current Cisco ASA with Sourcefire. Obviously the road seems long to get a mature product from the merging of the two technologies, e.g. SourceFire defence centre and ASDM are still separate but will be accessible from the same GUI in the near future. However I do like some of the features e.g. retrospective analysis where you can go back to the source of an infection and trace all users that have been affected.

I understand where Palo and CP are on the leader board (Gartner) but wanted to know if you guys are satisfied with what Cisco are doing and where they will be in 6-12months time.

Has anyone had any real world experience of the 5585-X chassis (SSP-20,40 or 60)?

Labels:
0 Helpful
2 Replies 2

adawa
Level 3
Level 3

‎02-06-2015 08:30 AM

Hello, Aamar. 

I recommend attending some Cisco webinars or watching some recorded webinars about Cisco ASA to get the latest updates. It may also be good to talk to your local Cisco representative. Have you talked to your Cisco rep/partner about NGFW, by the way?

Let me know if you have additional concerns or e-mail (adawa@cisco.com) me directly. Kind regards. 

0 Helpful

TechDude
Level 1
Level 1

‎03-11-2015 05:26 AM

What Cisco was missing imo was the NG Firewall features that everyone has had for years.  I recently upgraded my 5585 SSP60 based firewalls with the SSP-SFR60 modules.  So far I'm fairly impressed, the package does what everyone else does, currently still testing a number of items however what I could do with a Palo or something from SonicWall I can now do with my ASAs.

First Accessible from Same GUI: Not on the 5585s, if I open ASDM for the 5585s, there are no configurations that I can see available, essentially under my admin context I see three tabs, one of which is ASA Firepower Status, there is a link I can click on and it takes me to DC URL.  I do hear you can configure for the smaller firewalls though.  Possibly because I use MC and A/A I might be missing it. Honestly though DC seems to be a very powerful tool so I'm fine with two management systems as they both serve a different purpose, ASA controls ports allowed to pass, and the traffic that passes gets filtered.

Logging and Events: DC has an immense amount of information, urls being visited, ips, responding countries, pretty much everything is here.

Am I satisfied?  Yes, items that bothered me was built in URL filtering, file analysis, Geo Location Filtering and numerous other bells and whistles that I noticed $1000 sonicwalls had, the CX platform never caught my eye for some reason, and I'm glad I never bit the bullet, EOL10154, so if I implemented CX I'd be in a situation where I would need to replace it.  Sourcefire was a fairly successful company that Cisco bought, and I don't see cisco throwing away 2.7 Billion Dollars so I can see this being around for awhile.

I'm still exploring but so far what everyone else has had for years, I finally have with my ASA and I'm happy.  It does work, and it works well.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card