Saturday, January 23, 2021

Frustrated with Cisco's new FTD Next-Gen Firewalls

My company recently bought a pair of Cisco Firepower NGFWs to replace our EOL ASAs and I've been working on configuring them. It's been a whole mess that I won't go into too much, but at the end of the day I'm super frustrated with them and honestly wish they had decided to go with a non-Cisco vendor like Palo Alto, whose NGFWs are, IMO, vastly more intuitive. To skip my rant about the FTD, CDO and FMC interface debacle, and how the ASA > FTD config migration options simply don't work as expected: I'm left doing all the configuration, including creating hundreds of objects, ACLs and NATs, manually. This would be lightyears easier if I were able to do these configurations through the CLI rather than a web interface, since it would mean I could simply take the list of objects, rules, etc. from the old running config, alter the CLI syntax to that of FTD and paste the list in. Unfortunately it seems like Cisco has limited the usability of the CLI for configuration as a means to force you to use one of their multiple, but all horribly un-intuitive, web GUIs.

The new CLI... oh wait, did I mention there are 2? The FXOS for system configuration, and the FTD for "everything" else. By "everything else" I mean that it looks like you can only do some basic interface configurations, static routes (but no dynamic protocols) and some other items. Why does Cisco seem to have dumbed everything down in the new line of firewalls? It's incredibly frustrating as an engineer to not be able to use the CLI as a legitimate means of configuring. It's also incredibly frustrating when you're forced to use a slew of web interfaces that are all horribly designed. /rant

Anyway, if anybody has any advice on how I can make my experience with Firepower better, or others' experiences with them, please share.
