Enterprise Network Firewalls

kossuth78

Junior Member
All,

First post here. My company is looking at new network firewalls. Any feedback on Palo Alto vs Cisco FTD boxes? We currently have Cisco ASAs with Firepower. Don't want to put blinders on here. Obviously we are very familiar with how Firepower works and that FTD would become an extension of our current FMC so user intuitiveness isn't really a concern with us being we are already familiar with it. Geolocation capability, malware inspection, and SSL decryption are ABSOLUTE requirements. We're going to be getting demo boxes, but figured I would ask and get some input.
 
Has Cisco enabled the hardware decryption on their FTD boxes yet? It was a selling point for us. However, we ditched Cisco and went SD-WAN with a Fortinet firewall in AT&T's networks.

I have heard good things about Palo Alto, though never actually used them.
 
Has Cisco enabled the hardware decryption on their FTD boxes yet? It was a selling point for us. However, we ditched Cisco and went SD-WAN with a Fortinet firewall in AT&T's networks.

I have heard good things about Palo Alto, though never actually used them.
In some of the products. The 4100 line yes. The 2100 line no, but the hardware does have the decryption chips onboard, the developers just haven't unlocked the capability yet. Not sure why.
 

Where do I start?

Well, the interface looks circa 1997, the interface is not intuitive, the Firepower appliances (4100 etc.) are not at feature parity with the current functionality of the ASA line, no 2-factor, no RADIUS support, LDAP only, the migration tool from ASA is half-baked in that it doesn't move VPN tunnels, it only creates rules and migrates objects that are IN USE, so if you have something that isn't in use it's not moved. There are others, but this is enough to annoy me away from recommending it.
 