Overall, it was a pretty easy product to use and had many features that worked quite well. I really liked how you could customize the alerting function with specific criteria and variables so that you have only the information that you want and need. The quarantine function also worked extremely well when you needed to respond to an incident quickly.
There were some quirks with tuning and the false-positive rate was higher than I would have preferred to see. Many attacks came back as "inconclusive" which made it difficult to quickly determine the status of the event. There were also times where we would received a new signature update that would stall legitimate traffic, so I would recommend having one that is not inline for testing that is a signature set ahead of production.
Good solid product with a lot of good features. They made a lot of progress moving away from a Java platform to HTML 5 so the interface has less errors, vulnerabilities, and updates. The ability to react with NSP is pretty solid, but the detection and results need some work. Having many high events with inconclusive results while sitting inline is very frustrating, hopefully this is something they have resolved in later releases.
We were able to repel many attacks and have decent visibility of our interfaces.