If you are in the IT security industry, you know the history of Cisco and their Firepower line of firewalls. In the beginning, Cisco was one of the first to the Next-Gen Firewall market. Pioneering in any field like this can bring its share of issues, as some people began to see with Firepower. There were bugs, slow deploy times, and other stability issues in the early versions. I had seen some of these myself. Fast forward to today and we are now getting to see and use the first releases of the 6.4 and 6.5 code platforms. This might just be the first glimpse into something big…
The stability in the new versions of code are a welcome sign of things to come, mainly looking at the Firepower 6.4 platform. There have been a few minor updates to 6.4 to address some of the first bugs and vulnerabilities that have popped up. On the other hand, 6.5 is still on its native release, with some people noticing some issues with this “first release” of the new code. One thing to keep in mind is that 6.4 code is now showing as the recommended software on the Cisco support downloads page for many different Firepower models:
The fact that the newer code was already shown as preferred shows the positive feedback it is receiving along with the reduced number of Cisco TAC support cases being seen on the version too. Version 6.5 is taking even a larger leap with some new features being added, which would explain the lack of immediate updates and the fact it is not the preferred release….yet. There is a tremendous amount of work in progress to bring these new features and it’s clear, Cisco wants to get things right.
Stability is one thing, but the features are what keep bringing people back. Some of the new features include the new firewall models that are now available such as the Firepower 1000 series. Other features include VPN functionality for dynamic IP addressed endpoints or searching for intrusion alerts based on CVE. If you are focusing on security, you can now analyze hit counts on your access rules or check network objects to see if they are used anywhere in any of your configuration. As someone dealing with auditors checking configurations constantly, I can attest to how nice it is to have these features.
Not really a feature, but performance has also seen its fair share of improvement as well. I was able to see this mostly in two areas – Firepower Management Center performance and overall deployment times. FMC seems “snappier” as an interface itself. Adding rules and changing screens had a noticeable latency improvements. The main improvement of performance is seen in deploy times. Firewalls that would take 6-8 minutes to deploy are now taking 3-5 minutes. When sending changes across 30+ firewalls, this time adds up!
Looking to the Future
The future as I see it for Firepower rests on the 6.5 code right now. There are a lot of features in the code that are going to boost the Firepower platform in significant ways such as:
- FPR 1010 switchport functionality
- FPR 1010 PoE ports
- Access control rule filtering
- Built in – Dispute URL category or reputation
- Configure more domains (multitenancy)
- Easy migration between FMC hardware platforms
Some of these things are things that people have been waiting a long time for and are things that people are looking to other security vendors for. If Cisco can bring these features back in a stable, reliable, and high performing platform of code that we are all hoping 6.5 can be, it should be the boost to cement their spot as an IT security powerhouse.