Cisco Secure IPS (NGIPS) Reviews

Our primary use case is securing the network. It has a deep learning intelligence ability to filter packages and traffic coming to networks and to different workstations in networks. 

This solution is deployed on-premises. 

The most valuable feature is its IPS ability. You are able to balance security and connectivity. 

The CLI, the console line interface, of the FTD could be improved. It's very complex, so without a GUI, it doesn't work well. I would like it to be more simple. 

As far as additional features or next releases, I think the price could be cheaper. 

We have been using this solution for more than eight years. 

This product is stable. 

This product is very scalable. 

Cisco's technical support is very, very fast. 

Before implementing Cisco, we used Fortigate and Check Point. 

The installation is straightforward. You have to install the device, but if you want to actually manage it, you need a GUI for it. For deployment, you will need two engineers, maximum. 

We implemented this solution through an in-house team and deployed it ourselves. 

We pay for the IPS license to use this solution. 

I rate this product a nine out of ten, and would recommend this product to others who are considering using it. 

We use NGIPS for monitoring and firewall purposes. We have about 3,000 users. 

I like how NGIPS has everything in one console.  

The look and feel of the console could be updated. 

I have used NGIPS for about five years.

NGIPS is stable.

Setting up NGIPS was complex. We needed help from a Cisco specialist. 

I rate Cisco NGIPS eight out of 10 overall.

Our customers use it for VBN and network as well.

I've found the performance and stability to be the most valuable features of Cisco NGIPS. It is scalable as well.

The price could be improved.

I've been providing this solution for about five years.

It is a stable solution.

It is scalable.

My experience with technical support has been okay.

Installation is straightforward and took half a day.

The pricing could be improved. Our customers have a yearly license.

It is a good product, and I would recommend it. I would rate it at eight on a scale from one to ten.

I work for a system integrator and Cisco NGIPS is one of the products that we implement for our clients. This is a solution for enterprise networks and it has a lot of advanced features including security intelligence feeds and DNS security.

This product can be integrated with other solutions from the Cisco portfolio including Cisco ISE and SecureX. The integration with the Cisco portfolio is very helpful. Cisco ISE will give full control in any network and it can be used to isolate any infected or misbehaving users automatically.

Multi-internet line load balancing should be supported. It is available from other vendors and should be included with this product.

This is one of the most stable solutions in the firewall world. 

Cisco takes scalability into consideration. My clients vary in size from small and medium-sized businesses to enterprises.

The best support that I have ever dealt with is from Cisco. I am very satisfied with their service.

I have experience with a lot of network security products. These include solutions by Cisco, Palo Alto, Fortinet, and Forcepoint.

The initial setup is very simple and in one or two hours, it can be up and running.

The licensing can be billed annually or in multi-year contracts such as three, four, or five years.

I would rate this solution a nine out of ten.

We use the solution to secure our client's networks.

Overall, it lacks user-friendliness. It could be easier to manage. I can train any customer using FortiGate or Palo Alto in a few days, but with Cisco, it takes much more time because the systems aren't easy to use.

It would be very nice to get rid of FlexConfig. It's a very unhelpful element of the solution.

One feature that is lacking is full interoperability with CLI.

You can configure Palo Alto and FortiGate with a graphical interface, and you can configure it with the command line. This is not so in Cisco. For professionals, this is important because the command line allows us to configure a lot of things and copy configurations and it's much easier.

Technical support is quite good. With firewalls, the last cases I had with Cisco were professionally handled quite quickly and it was great. I can compare with some other manufacturers. FortiGate is awful, for example. I'm generally pleased with Cisco.

The solution has a moderate amount of difficulty. You need to go over and use the documentation.

Cisco has a device manager now but this device manager is not like all device managers from ASA. It lacks a lot of features, and some of these features are very important. It makes it a challenge to configure because of the graphical interface. You have to install the management center and that itself takes time and it's not so simple.

We use the on-premises deployment model.

Ten years ago, when you sold Cisco to clients, customers complained about the price but they knew they were buying the best product in the market. It is totally different now. If they want to buy the best product in the market, they buy Palo Alto or Check Point. Cisco is trying to catch up to the competition.

When we talk about just the IPS manufacturers, I would rate the solution around six or seven out of ten. If we're talking about Cisco as a whole, I would rate them eight out of ten.  

I've found the web filter and JPS the most valuable features.

There are some features not found in Firepower, like data loss prevention, and SSO, to have a connection between Cisco and Active Directory, which was introduced on other products.

In the future, I'd like the same solution in other UTM solutions. I know it has an application filter, but it's not really improving. Also, DLP needs to prevent data loss. Those two features are really important now for firewalls and for the security. The data loss prevention really is the most asked for feature from the customer. Often they ask about how we can prevent loss of emails, of data, files. It's really important.

The solution is stable. This is one of the good things about Firepower. Especially if we use ESE with it. That would make it the complete solution for Cisco for security. If it is the complete solution, it's stable and there are no issues with the product. If the user isn't connected all the time, for example, if we look at some sites or some users, sometimes the connection for the user gets disconnected with each session. Sometimes the filter doesn't work. 

The solution is good to scale.

The technical support is really good. Not only for this solution. The support of Cisco is always good. From the first call, the response is quick and there is no problem with the support.

The initial setup is not complex. There is a wizard so it's not complex. There is a difference in the complexity of the deployment. Depending on customers and infrastructure, sometimes it takes one day or two days if we're talking about a little infrastructure. Sometimes it can take eight days or more to couple the firewall with ASA, and to do some more complex architecture. If we have a complex architecture, we need 2 people to implement, but if we have an implementation that is not so complex, one person can do it.

I do the implementation myself.

Most of the time the ROI good. The customer, most of the time, is happy and is convinced of the usefulness of the solution.

If someone wants to use Cisco Firepower, the solution is easy. The complete solution is the best for having the full security of a Cisco infrastructure. If I could advise someone with the deployment, I would advise taking the complete solution, in order to have a really scalable and stable solution. Or, if you can't take the complete solution, I'd advise taking a cluster of Firepower to have the scalability and stability.

I would rate this solution a 7 or 8 out of 10. If they could add a few of the mentioned features or do something more with the application filter it would be a 9 or a 10 out of 10.

The most valuable features of Cisco NGIPS are the VPN, IPS, access policy management, EIM, and the ASA model as part of Firepower.

I have been using Cisco NGIPS for approximately three years.

Cisco NGIPS is highly stable.

Cisco NGIPS is scalable. The scalability is easy to do because if the Firepower threat defense works in the cluster mode, someone can scale up the system using two and three Firepower threat defenses at the same time in one system.

We use this solution in different companies and provide them with support. We have some clients that have 3,000 users whereas others have 700.

In our company process some team, we have three or four people and the solution can be easily maintained because it is managed in one place in the Firepower management center. In one company we have approximately 24 Firepower models and these devices are controlled by one system, the Firepower management system (FMC). It's very easy to control and maintain the solution.

The price of the solution is expensive to a degree it cannot be used by small businesses. It is best suited for medium and enterprise businesses.

I would recommend this solution to others for medium, large, and enterprise businesses only.

I rate Cisco NGIPS a ten out of ten.

I like Firepower's automation, and the security intelligence is a powerful feature. 

If Firepower had an embedded vulnerability scanner, it could better detect the vulnerabilities on different platforms in the network. It needs to integrate with other solutions to detect these vulnerabilities. It cannot detect system vulnerabilities on its own. A new trend is encrypted security solutions. Firepower can integrate with Cisco products like Stealthwatch, and Stealthwatch can primarily integrate with other Cisco products. 

Firepower APIs that allow it to integrate with other vendors need more flexibility. For example, if I want to integrate with Forcepoint, I can't because Forcepoint cannot integrate with other sandbox vendors. This integration has become essential for the latest security solutions because most customers are now thinking about integrated security solutions. However, not every product is like that. We have to think about the integrated security solutions, so Firepower needs to improve in this area, the integrations with other vendors.

We are a partner with Cisco and we have sold these products to multiple customers. Most of them have given us positive feedback about Cisco Firepower.

We had multiple bugs and issues on the old versions, but the new versions Cisco has recently released are much more stable. However, our customers are still facing many bugs on the system. It has matured noticeably, but we are still facing multiple stability issues on Firepower. There are more than 80 or 90 bugs for each release node. It's a considerable number of bugs. It's much better than before, but there are still too many bugs in the new versions. The R&D team needs to put more work into new releases to minimize the number of bugs.

Cisco has some limitations in clustering if we want to upgrade the hardware currently deployed at customer sites. If Cisco can improve or optimize this clustering limitation, this will add more scalability to Firepower.

Cisco's most powerful support team is based in the United States. Most cases this team handles are solved quickly, but I've had a different experience with the Indian team. It takes too much time to solve the issues. We have different experiences with tech teams in other time zones, and I prefer to communicate cases with a US-based team. It depends on when we open the ticket. Sometimes it will route to the Indian tech team. If we open the ticket between 9 a.m. and 9 p.m. Cairo time, I think it will go to the US team.

Signature tuning is automated in Cisco Firepower. This is the most powerful feature, which most vendors don't have. It makes deploying the solution straightforward for the customer and us implementers as well. So the automation and the fine-tuning are effortless in Firepower.

Cisco Firepower is a good investment because one product can cover such a large part of the NIST security framework.

The weakness of Cisco Firepower is the cost. Some of the customers see it as very expensive. 

I would rate Cisco Firepower NGIPS nine out of 10. For any customers thinking about implementing this solution, I would suggest being aware of the security areas they want to cover. They need to consider the NIST cybersecurity framework and focus on each area of this framework to make sure that there are no security gaps in their environment. Firepower covers three main areas of this framework: detection, response, and identification.