This was a very informative video, it would be nice to see this rerecorded for 2018.
I don't think you went into the NGFW features enough. This was a firewall comparison and not a security comparison and doesn't actually tell me anything I couldn't read on a spec sheet
Agreed, came across this as I was watching some Sec vids...forget the Firewall piece, it's irrelevant as every vendor does Firewalling...you start to get separation when you (as you mentioned) start focusing on the NextGen feature sets etc. DPI is standard stuff, nothing crazy there, URL Filtering is again standard stuff, Wildfire brings potential zero-day protections...the question is always "What do you want from your Edge device?"...If IDS/IPS is the main focus, you're going to have a hard time beating Sourcefire/Firepower...if you want ease of management, onbox manageability versus need for management appliance, go PAN. These are the things I would have focused on. In short, Cisco = currently fragmented technology (being streamlined into FTD but it's not at full feature parity to the ASA) while PAN is a great single pass architecture and extremely easy to manage (either onbox or centrally with Panorama). Cisco needs more time before it can truly compete with PAN in the Edge space, anxious to see what FTD becomes when it's ready but being Cisco who knows...they remain behind the curve for now.
You are correct. He went over about 20% of that Monster called FP and FTD. It will be Huge once it's done.
Maybe out of point question, but somebody please shed light- Is Cisco AnyConnect SSL VPN or IPSec VPN?
AnyConnect initiates the protected session over TCP 443. After session initiation, the VPN is completed as an IKEv2 IPsec tunnel using EAP authentication.
Cisco AnyConnect can work on both protocols, SSL/IPsec. But the initial connection has to be SSL (to download the XML profile) if the endpoint (laptop etc.) has never connected to that particular VPN before, and then you can make IPsec the preferred protocol over SSL in the ASA's config. Hope this helps!
Palo Alto GlobalProtect is much better than AnyConnect and easy to manage. Without HIPS you don't need an additional license as well.
Now we are in 2018, so are the recent Cisco Firepower models intended to replace the legacy Cisco ASA FirePower?
Haven't Sophos and Fortinet been doing this forever?
Same thing I told my current employer. Fortinet has been doing this for years. ASA is late in the game.
exactly :-)
Wouldn't it have been better to compare a Firepower NGFW such as the Cisco 4100 series device to the equivalent PA? Appreciate certain ASA functionality is lacking, however that's being addressed and it's more in line with the direction Cisco is headed.
If you thought Cisco enjoyed taking your money, PA takes it to the next level and beyond.
2100/4100/9300 refers to FTD appliances, and with features lacking it's not a true comparison at this time, so what you are left with is PAN vs Cisco ASA "with" FirePOWER Services. FTD is Cisco's answer to PAN but it's quite late in the game and their tech is fragmented. When will it be streamlined, if ever, is the question. Clustering was a major headache and those complaints were moved to the front of the line and it is now supported; RAVPN is another big one for a lot of Enterprises out there. You also have companies who just invested millions of dollars' worth of NextGen ASAs "with" FirePOWER Services only to be told now FPS is going away and FTD is the new thing. Cisco thankfully is at least allowing a re-imaging of that invested hardware to FTD, which is good for some, but for those with 5585Xs they are SOL as FTD will not run across the 85X's multiple CPU complexes. If I have 85Xs then I will definitely need to upgrade to perhaps 2100/4100 hardware to implement FTD.
You can't be serious about being "late", I don't see Palo Alto dumping the latest CIA hacks... LOL, Late.
great comparison. thanks and keep it coming plzzzz
I guess you are new to the Security equipment manufacturers...
DUDE!!!
When it comes to GOOD Firewalls....
You name them all and FORGET...CHECKPOINT !??? :-/
Turned it off after you said that ASA/Firepower is easy to use.
It took you 45 minutes to read a 10 minute google search
The company is called Palo Alto networks, not palo alto
Palo Alto support sucks, using it for the last year and moving to Cisco.
I don't know what you're talking about, man. Are you comparing Cisco TAC when it comes to FireEye support vs PAN or simple firewall support? Because it's not really a good comparison...
Cisco is better. I say this because Cisco will most likely have more appliances to further complement each appliance's capabilities and features. Yeah, it costs money. But good shit costs.
Actually, in the Firewall world, Cisco comes last.
PA > Fortinet > Cisco ASA > Cisco ASA with FP.
Being that you did this video in late 2016 you didn't mention the latest Cisco offering... UNFORTUNATELY, 9300 and 4100 as well as FMC, SNORT and FTD.... You need to do more work before you put together such an insufficient video.
And Fortinet wins al