This new generation firewall, has 2 main upgrades if we compare de Cisco Firepower against the Cisco ASA
First: More Capacity about sessions and a improven posibility of creation of new sessions. The Firepower can duplicate or triplicate this aspect if we compre to the ASA. This is very useful if you are an ISP and you have a DNS Cache. This can help you if you have any incident in your DNS or in the master server that you use.
2nd. The integration of the firewall services with online services as umbrella, and automatically signature updates for services like DDos, and protection against malwares. Almost that Firepower support aplication visibility and control if it's required, and URL blocking.
Cisco have included this very important option in their firewall, you have
Really there isn't any particular factor that i dislike.
But in this product, is very important to have the support up to date, so you can access to the updated security signatures list.
Like all of Cisco ASA, some stuff ir really hard to do in the CLI, it's like Cisco want us to use the web app. In ASA was a little hard, in Firepower you have to do via http.
We're an ISP, with firepower we solve the problem of opened sessions due to DNS failures. In particular events like a problem of facebook or a problem in our DNS, we've reached the 750k of opened sessions and the ASA is seriosly affected and drops all new sessions.
Almost that we use the Firewall for IPsec tunnels for all the country.