In the previous version, some features were not enabled. For example, you could not access the VPN. So that was one of the downsides of the product. In this latest version, after enabling these features in the previous version and using them, it's been good. Inspection, application, and inspection in the cloud, the detail in the cloud for an indication of compromise and the malicious activity re-hashing are all valuable features. It's more of the cloud and the malicious activities aspects that define this application.
Network Infrastructure Program Manager at a non-profit with 1,001-5,000 employees
Offers valuable SSL decryption, URL filtering, and ITSM inspection features
Pros and Cons
- "Cisco is number one in the technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support might be not the best compared to Cisco."
- "The file trajectory, the trace in contamination files, could be improved."
What is most valuable?
What needs improvement?
The file trajectory could be improved.
We still have a web proxy but I think at some point we should not have two products. We should have only one product. Most of the features of the web proxy already exist in the UTM appliances. We have a debate as to whether it's the Cisco Firepower and UTM Appliance of next-generation firewall. But I consider both of them the same. So I would say if we have the caching and the other features which are unique features to the Web Proxy, I think Cisco will be number one if they are able to include such features in the future.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
It's a really good product but I have had a really good experience with Palo Alto UTM Appliances. Which I would give a higher mark than the Firepower. It's just a little bit more expensive than the Cisco Firepower.
Buyer's Guide
Cisco Secure IPS (NGIPS)
March 2025

Learn what your peers think about Cisco Secure IPS (NGIPS). Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
What do I think about the scalability of the solution?
Scalability I would say, it has some limitations in the large deployment. I think Cisco is working to improve it.
How are customer service and support?
The technical support is the most valuable part of the solution. Cisco is number one in technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support is not as good compared to Cisco.
Which solution did I use previously and why did I switch?
I started with Juniper and the Palo Alto UTM Appliances, and many other vendors. But we do have a policy to use multiple vendors.
How was the initial setup?
Three years ago the setup was very complex. We had two different cables or software. It's like two appliances and one appliance. We had to set up ASA first and then set up Firepower and do the redirect from the old HTTP traffic, from the ASA for a detailed inspection by Firepower. Initially, it was complex. That was a few years back, but now with the newer version, it's just a piece of cake. Deployment took about 40 minutes. I also handle the maintenance myself.
What about the implementation team?
I do the implementation myself but in certain situations, because we have a risk assessment, it's a sort of risk transfer, so we have a contract with a certain integrator. We do have a contract, but I personally do the setup.
What was our ROI?
We have definitely experienced ROI. Because we have had many incidents where Cisco Firepower has caught malicious activities and triggered an alarm, a true positive alarm. Which is really good in our case.
What other advice do I have?
The solution is extensively used. We have a policy, from a permission security perspective, that you need to have diversity in the vendors and diversity in the products. We have some areas which are using these products and other areas which is using different products.
It's a really good product, but you need to give it some time to form a sort of baseline, before enabling all the features. You need to study the product well because the product will decrease to around 35-40% of the actual product when you start to enable features. Like the application and inspection, the SSL decryption, the URL filtering, and the ITSM inspection. If you enable more features, you will decrease a little bit of the property. Whoever selects the device initially needs to plan which features they are going to use and they might have to shift the sizing of the product. They might need a high-end appliance or a smaller low-end appliance based on the features they are going to use.
I would give the solution 9 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Senior Cybersecurity Engineer at a financial services firm with 201-500 employees
The centralized management is helpful if you have multiple locations
Pros and Cons
- "The IPS functionality is useful if you have offices all over the place. It's nice to have centralized management instead of going to a separate ASA or FirePOWER device."
- "The biggest problem with most Cisco products is that the interface is lagging behind the competition. The user interface could be updated and improved."
What is our primary use case?
I am currently working with Cisco NGIPS at home as an IPS device, so I can see what's hitting the firewall and look at the logs. I'm using it as a learning environment.
What is most valuable?
The IPS functionality is useful if you have offices all over the place. It's nice to have centralized management instead of going to a separate ASA or FirePOWER device.
What needs improvement?
The biggest problem with most Cisco products is that the interface is lagging behind the competition. The user interface could be updated and improved.
What do I think about the stability of the solution?
Cisco NGIPS is stable.
What do I think about the scalability of the solution?
Cisco NGIPS is highly scalable. We use it to cover 15 offices.
How was the initial setup?
It requires some background in IPS and IT security to fully understand it, so it is somewhat complex to deploy.
What other advice do I have?
I rate Cisco NGIPS eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Cisco Secure IPS (NGIPS)
March 2025

Learn what your peers think about Cisco Secure IPS (NGIPS). Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
Cyber Engineer at a aerospace/defense firm with 10,001+ employees
This solution has helped improve productivity and detect attacks before they happen
Pros and Cons
- "This solution has helped improve productivity and detect attacks before they happen."
- "I would like to see better integration with SIEMs."
What is our primary use case?
It detects attacks from malicious intrusions and malicious activity before they happen.
How has it helped my organization?
This solution has helped improve productivity and detect attacks before they happen.
What is most valuable?
Signature rules from the Snort community around the world.
What needs improvement?
- I would like to see better integration with SIEMs.
- Better rule building using other tools, like LuaH and Python.
- Better performance.
- Better intelligence gathering in domains, the main URLs, and endpoint solutions.
What do I think about the stability of the solution?
It's very reliable. We really like the product and will be staying with the product a while.
What do I think about the scalability of the solution?
At this point in time, it's making it a little bit difficult to scale due to the company, as the vendor is making some changes. We are waiting to see if the product is scalable or not.
How are customer service and technical support?
Rating the technical support from one to five (where five is high), I would rate them as a two. I find them to be very bad.
Which solution did I use previously and why did I switch?
This was originally a Snort product, which was open source. So, there is a community for it worldwide.
We used ISS from IBM in the past, but it was causing many issues and was dropping packets. It was not an ideal solution, so we moved to Sourcefire FirePower NGIPS.
How was the initial setup?
The initial setup is easy because I am very familiar with the product.
What's my experience with pricing, setup cost, and licensing?
We buy the licensing on a yearly basis, when we renew our contract. It is around $14,000.
Which other solutions did I evaluate?
McAfee and Palo Alto were on our shortlist.
What other advice do I have?
The product is a ten because it is the only product in the market like this.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant at Pi DATACENTERS
It improves network security and threat defence and has helped improve our cybersecurity
Pros and Cons
- "It has helped to improve our cybersecurity and our network security posture."
- "The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning."
What is our primary use case?
We have a Cisco ASA firewall, which is like a standard firewall. We upgraded to Firepower Threat Defense, and it is like a next-generation capability, like NGIPS and NGAV, and has that kind of functionality. It also improves network security and threat defence.
How has it helped my organization?
It has helped to improve our cybersecurity and our network security posture.
What is most valuable?
The FTD has a GUI interface, which is very easy to work around with all the configurations. It is a client-based software based on Java. Now we have the GUI web interface, and it's very interactive and easy to navigate.
What needs improvement?
Cisco NGIPS runs the backend as a Snort engine, so it is like they customize it with Cisco. So they need to have an engine for threat defence.
For how long have I used the solution?
We have been using this solution for two years and are using version 9.6. It is deployed on-premises.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is scalable. NGIPS is based on our user base, so we have around 2000 users. We require two network and security administrators for deployment and maintenance. We do not plan to increase usage because we have already upgraded.
How are customer service and support?
I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We updated from Cisco ASA to NGIPS FTD.
How was the initial setup?
The initial setup is a bit complex because it requires a lot of configuration, firewall and zoning. The deployment was done in-house. We just purchased a box and installed it on our own.
What was our ROI?
We have seen a return on investment in improving security and defending the threats in our network.
What's my experience with pricing, setup cost, and licensing?
I do not have details about the licensing costs. It has a user-based license and a different model license because it is modular software.
What other advice do I have?
I rate this solution an eight out of ten. From a recommendation perspective, before deploying the NGIPS solution, you need to work with your internal environment. It can minimize the load on the NGIPS, so you should do your IPS signature before moving to production.
It should have a network and content processor and a security process for additional features. Other OEMs have these capabilities to enhance the throughput and performance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Architect at a outsourcing company with 1,001-5,000 employees
Beneficial documentation, overall good design, and responsive support
Pros and Cons
- "Among all the different solutions I have worked with, such as Palo Alto many other firewalls. Cisco has the support, documentation, and design. The documentation is widely available and it can help you a lot with implementation. It makes the implementation much easier."
- "What I don't like about Cisco recently is they keep changing the names, which makes it hard for customers and sometimes even us as engineers to know what is the solution they are speaking about. For example, with AMP, now they call it Secure Endpoint and I don't know if in the next couple of years they're going to change it to something else. They should keep the names the same."
What is our primary use case?
The Cisco NGIPS and IGS are used as network firewalls for IPS and IGS protection. I have both the Cisco Firepower and Cisco Meraki solutions in different customers' locations. They have the capability of the NGIPS built into it. We have different customers that they are using it. For example, on Edge, data centers, and campus networks.
What is most valuable?
Among all the different solutions I have worked with, such as Palo Alto many other firewalls. Cisco has the support, documentation, and design. The documentation is widely available and it can help you a lot with implementation. It makes the implementation much easier.
What needs improvement?
What I don't like about Cisco recently is they keep changing the names, which makes it hard for customers and sometimes even us as engineers to know what is the solution they are speaking about. For example, with AMP, now they call it Secure Endpoint and I don't know if in the next couple of years they're going to change it to something else. They should keep the names the same.
For how long have I used the solution?
I have been using Cisco NGIPS for approximately 10 years.
What do I think about the stability of the solution?
Cisco NGIPS is stable, however, it is nothing special.
What do I think about the scalability of the solution?
The scalability of Cisco NGIPS I am not too familiar with. The solution can do clustering and other operations. With the Orchestrator, I haven't worked with it yet but I hope that will help to make standard policies all run better. The most important part about scalability is how do you want to apply the same policy all around and across the different locations that you have. This is something that is not easy with any firewall unless you have a Secure Orchestrator. I don't see any issues with the scalability at this time.
How are customer service and support?
The support from Cisco NGIPS is very good.
Which solution did I use previously and why did I switch?
I have used many other solutions, such as Palo Alto.
What's my experience with pricing, setup cost, and licensing?
I would rate the price of Cisco NGIPS a three out of five.
They are very expensive in some places and not reasonable at times for many customers. I have had customers choose another solution because of the high price.
What other advice do I have?
When speaking about the features of Cisco NGIPS, what makes the feature good is dependent on what the customer likes and the skillset that they have. I cannot say what is the best feature because it depends on the use case.
There are times I see customers spend a lot of money on something which they really don't use. Whether this solution is good or not depends on what exactly the customer wants to implement and protect. They should pick the right solution with the skillset that they have.
I rate Cisco NGIPS nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Manager at a financial services firm with 51-200 employees
Useful filters, reliable, and customer support helpful
Pros and Cons
- "I have found the filter and the antivirus to be most valuable."
- "The user interface needs some improvement, it is a little rudimentary and not very intuitive."
What is our primary use case?
We use the solution for traffic filtering, security, and antivirus capabilities.
What is most valuable?
I have found the filter and the antivirus to be most valuable.
What needs improvement?
The user interface needs some improvement, it is a little rudimentary and not very intuitive. If you are not very technical inclined you may need to be assisted or might struggle to set it up.
The newer version tends to use a lot of system resources. For example, your processor and RAM.
For how long have I used the solution?
I have been using the solution for approximately four years.
What do I think about the stability of the solution?
The solution is stable and reliable, it does the job well.
What do I think about the scalability of the solution?
The scalability is excellent, they can support a large environment. However, a large size organization will need its own dedicated appliance.
How are customer service and technical support?
The customer support is very good.
Which solution did I use previously and why did I switch?
We have used and still use Darktrace. We do not use it to replace Cisco's NGIPS solution but we use it predominantly as an in-network snooper.
How was the initial setup?
The installation is complex.
What about the implementation team?
We used an in-house team to do the deployment and it takes roughly a day and a half depending on the size of your organization and the configuration. Setting up the rules, all the features, and the licensing takes time.
To do the maintenance you need somebody familiar with Cisco and networking technologies.
What was our ROI?
By using this solution we have received a return on our investment.
What's my experience with pricing, setup cost, and licensing?
Cisco products are not cheap and this solution is no different. However, the price of all of the Firepower is part of a bundle when you buy the actual firewall, the Cisco firewall. It is part of the whole bundle package, but Firepower IPS itself has its own costs.
We are on a yearly license and the price depends on the environment, we pay approximately $33,000. The solution has additional components, and each one of the components cost extra.
What other advice do I have?
For those wanting to implement this solution, I was advice before deploying the solution, understand exactly what you want it to do for you. The product has a couple of different capabilities, do you want to expand, or you may not want to expand. These are scenarios that you have to take into account. I would not recommend the solution for small organizations, it would be too time-consuming for that.
I rate Cisco NGIPS an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Technology Officer at a tech services company
A modular and easily managed solution, but throughput capacity is expensive and requires upgrading of hardware
Pros and Cons
- "The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box."
- "If there was a software-based solution for scaling up then it would be much better."
What is our primary use case?
We are a system integrator, and we resell this solution to our customers.
This solution is for intrusion prevention, and the majority of deployments are on-premises.
What is most valuable?
The most valuable feature of this solution is its modularity, so whenever you need to upgrade or add another service, you don't need to buy another box. You can activate these services on the same box, which saves a lot in terms of cost because you don't need additional hardware. Moreover, it makes manageability easier because you don't have to use several different devices.
Cisco operates on an open operating system platform so it gives you the flexibility to add other things. Cisco itself is using different manufacturers, or OEM vendors to integrate with their product. For example, Radware is providing a DDoS solution for the NGIPS box.
What needs improvement?
We would like to see support for DDoS protection.
The cost of adding additional throughput is very high and is an area of concern. Competing products such as FortiGate and TippingPoint have a much larger throughput at a smaller cost.
The devices have certain limitations and to go beyond them, I need to change the hardware. For example, if I exceed the throughput on the 2000 series then I have to switch to the 4000 series. This one then has a limitation of perhaps fifty gigabytes, and if I exceed that, then I need to move to the 9000 series. By comparison, TippingPoint and FortiGate have no limit. If there was a software-based solution for scaling up then it would be much better.
For how long have I used the solution?
I have been using this solution for between two and three years.
What do I think about the stability of the solution?
This is a very stable solution. We have not heard any complaints from customers, and we have not experienced any trouble ourselves.
What do I think about the scalability of the solution?
When it comes to scalability, there is a limitation that is set by the hardware. If you're looking for higher throughput then you have to change boxes. The 2000 series is pretty small when it comes to bandwidth, so scalability is a concern.
How are customer service and technical support?
Technical support from Cisco is perfectly fine, and they are doing a great job.
Which solution did I use previously and why did I switch?
Prior to this solution, we used TippingPoint. Although it is a very good solution, there was a problem with the product having too many acquisitions. Every time there was a new acquisition, support was a concern. For example, at one point it was taken over by HP, and then, again, HP disowned it. Support was hampered by this, and if you're not getting support on a critical security appliance then you need to look for other options. This is what led us to adopt Cisco.
How was the initial setup?
The initial setup of this solution is not complex. They have a graphical user interface for managing all of these things, which helps make it easy to deploy.
What's my experience with pricing, setup cost, and licensing?
The price for additional throughput is the highest in the industry.
What other advice do I have?
This is a solution that I recommend for IPS.
I would rate this solution a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CIO at a legal firm with 11-50 employees
Easy to use and the technical support is great
Pros and Cons
- "The thing about this solution that I like the most is that it's intuitive."
- "My opinion is that this solution should improve the pricing."
What is most valuable?
The thing about this solution that I like the most is that it's intuitive. The other features I like are the good support chain and ease of use.
What needs improvement?
My opinion is that this solution should improve the pricing.
For how long have I used the solution?
I have been using this solution for about two years.
How are customer service and support?
I would rate the technical support of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Cisco Secure IPS (NGIPS) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Intrusion Detection and Prevention Software (IDPS)Popular Comparisons
KerioControl
Palo Alto Networks Advanced Threat Prevention
Trend Micro TippingPoint Threat Protection System
Check Point IPS
Fortinet FortiGate IPS
Cisco Sourcefire SNORT
Trellix Intrusion Prevention System
Gatewatcher
Hillstone S-Series Network Intrusion Prevention System
Buyer's Guide
Download our free Cisco Secure IPS (NGIPS) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- When evaluating Intrusion Detection, what aspect do you think is the most important to look for?
- What is your recommended cost-effective solution to detect and prevent APT attacks?
- What product do you recommend for a Campus IPS appliance implementation?
- How do you use the MITRE ATT&CK framework for improving enterprise security?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- Which is the best intrusion detection and prevention solution?
- What is the best IDPS security tool and why?
- What is Cognitive Cybersecurity and what is it used for?