Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1556
Views
0
Helpful
3
Replies

Is Firepower worth it, or is ASA just as good?

Go to solution
CAR IT
Level 1
Level 1

‎08-31-2018 07:19 AM - edited ‎02-21-2020 08:10 AM

I'm sure Firepower is spectacular, and as a non-certified professional, the FMC appears to be the evolution of ASDM (and hopefully not reliant on Java!). As I understand, and correct me if I'm wrong, Firepower is an IOS, but with the ability to subscribe to services.

 

From a cost standpoint, does Firepower deliver on what it claims to, i.e. the IPS, IDS, Malware protection, etc. I understand IPS and IDS are done at the firewall level, and those products are pretty seasoned. But the other modules seem to handle things that were traditionally handled internally. The biggest threats these days is socially engineered spam, and we already have a system for spam blocking.

 

So, does it deliver for the price? We've read all the brochures, surprisingly Cisco claims it's the greatest thing since sliced bread. And I love sliced bread.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-31-2018 07:53 AM

You can buy Firepower Threat Defense with just the Threat license.

 

Keep doing your email security where you are doing it.

 

I prefer Umbrella for DNS security / URL filtering, combined with a policy on your firewall (no matter which flavor) that blocks DNS to non-Umbrella servers.

 

Add AMP for Endpoints and you have a pretty well-rounded and comprehensive protection.

View solution in original post

0 Helpful

Go to solution
Martin Carr
Level 4
Level 4

‎08-31-2018 08:08 AM

Cisco NGFW's have Firepower modules (thanks to Cisco's acquisition of Sourcefire) as to the question, yes I would say it's worth it.

 

 

A+P is pretty good, but as you say for AMP, URL filtering you probably have dedicated products.

 

Martin

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-31-2018 07:53 AM

You can buy Firepower Threat Defense with just the Threat license.

 

Keep doing your email security where you are doing it.

 

I prefer Umbrella for DNS security / URL filtering, combined with a policy on your firewall (no matter which flavor) that blocks DNS to non-Umbrella servers.

 

Add AMP for Endpoints and you have a pretty well-rounded and comprehensive protection.

0 Helpful

Go to solution
CAR IT
Level 1
Level 1
In response to Marvin Rhoads

‎08-31-2018 08:47 AM

Thank you for the information, both of you. My next question would be, if  you buy a Firepower Firewall like the 2110, what functionality do you get from FTD out of the box? I understand the firewall component (anyconnect, failover, security licenses are additional). Does FTD provide any NGFW functionality without an additional license, or are we locking ourselves into a never ending subscription for which it is useless unless we pay the Vig every year. We're a non-profit.

 

Thank you!

0 Helpful

Go to solution
Martin Carr
Level 4
Level 4

‎08-31-2018 08:08 AM

Cisco NGFW's have Firepower modules (thanks to Cisco's acquisition of Sourcefire) as to the question, yes I would say it's worth it.

 

 

A+P is pretty good, but as you say for AMP, URL filtering you probably have dedicated products.

 

Martin

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card