Coming October 25: PeerSpot Awards will be announced! Learn more

Cisco IOS Security OverviewUNIXBusinessApplication

Cisco IOS Security is #7 ranked solution in top Intrusion Detection and Prevention Software and #18 ranked solution in best firewalls. PeerSpot users give Cisco IOS Security an average rating of 8.0 out of 10. Cisco IOS Security is most commonly compared to pfSense: Cisco IOS Security vs pfSense. Cisco IOS Security is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 23% of all views.
Cisco IOS Security Buyer's Guide

Download the Cisco IOS Security Buyer's Guide including reviews and more. Updated: September 2022

What is Cisco IOS Security?
Cisco IOS Software delivers a sophisticated set of security capabilities for a comprehensive, layered security approach throughout your network infrastructure. Cisco IOS security technologies help to defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.

Cisco IOS Security was previously known as IOS Security.

Cisco IOS Security Customers
Arup Group, Brunel University London, City of Biel, Gobierno de Castilla-La Mancha, K&L Gates , New South Wales Rural Fire Service, Offshore Northern Seas, Transplace
Cisco IOS Security Video

Cisco IOS Security Pricing Advice

What users are saying about Cisco IOS Security pricing:
  • "It is an expensive solution."
  • "Price is certainly something that the IOS technology has fallen behind the competition on."
  • "The pricing is okay. It is competitive. It costs more when you need get more features."
  • Cisco IOS Security Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    TonyMoore - PeerSpot reviewer
    President at www.virtualtechsolutionsusa.com
    Real User
    Top 5Leaderboard
    Prevent unauthorized use of network resources and integrate branch offices with reliability
    Pros and Cons
    • "Completely integrates branch offices with perimeter security."
    • "The capabilities for scalability with this product are huge"
    • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
    • "The pricing is the only con for this product."

    What is our primary use case?

    Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

    On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

    We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

    How has it helped my organization?

    The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

    The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

    What is most valuable?

    I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

    What needs improvement?

    A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

    Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

    I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

    Buyer's Guide
    Cisco IOS Security
    September 2022
    Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,539 professionals have used our research since 2012.

    For how long have I used the solution?

    We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

    What do I think about the stability of the solution?

    Cisco IOS Security is stable, very stable.  

    What do I think about the scalability of the solution?

    The capabilities for scalability with this product are huge. It is very scalable.  

    A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

    How are customer service and support?

    Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

    For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

    Which solution did I use previously and why did I switch?

    We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

    We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

    For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

    If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

    How was the initial setup?

    I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

    What other advice do I have?

    My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

    On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Sr. Security and Enterprise Architect at a security firm with 11-50 employees
    Real User
    Top 5
    Great security and automation with helpful technical assistance
    Pros and Cons
    • "Cisco Technical Assistance Center works on a follow-the-sun concept and gives real 24x7 customer support, which is a great advantage when you have a service contract with them."
    • "There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time."

    What is our primary use case?

    The solution is used for enterprise and NAC connectivity.

    This kind of technology has the advantage of being very flexible to any size organization. It is a cornerstone as a part of the basic network infrastructure.

    It can be used as a simple switch to connect your network devices with security features embedded - such as port security, for example. This allows companies to limit to a fixed address per port, avoiding external or malicious assets for accessing the network.

    For example, if you have a retail business, and you have a lot of small stores spread nationwide, you just need to connect some cameras and sales points to the network. iOS security solutions allow you to have a secure LAN and you could add a secure WAN connection through your Internet provider with LTE links as backups. You can set up on-demand VPN connections from store to store for voice/video calls, or do inventory queries direct to the HQ database.

    How has it helped my organization?

    As a Cisco partner/reseller, security has been a concern for many years. Cisco has a security concept that begins right when you try to connect to the network. Security is a complete system and is not just put on security devices at the perimeter or between tiers inside a data center.

    iOS on routers is a mature solution, allowing easy setup of a traditional ISAKMP V1 or V2 VPN, and a very mature proprietary VPN flavor called DMVPN. DMVPN allows on-demand VPN establishment with minimal setup configuration and creates a pseudo full mesh avoiding bottlenecks. 

    Cisco Technical Assistance Center works on a follow-the-sun concept and gives real 24x7 customer support, which is a great advantage when you have a service contract with them.

    What is most valuable?

    The best features include the Auto Secure script, port security, spanning-tree root and loop guard, 802.1x, DMVPN, GET VPN, SD-Access, and Secure SD-WAN.

    The software offers plenty of security solutions that can work in the most sophisticated enterprise but also works well for small/mid-range enterprises.

    A simple switch is able to run basic security as port security, limiting the MAC addresses allowed on a port, or by running a script you can set up ACL and some control plane policies to protect control and management planes and basic DoS protection.

    The same software is able to work with sophisticated security options going from the basic 802.1x to MACSEC, NAC, and trustsec, and can be integrated with automation tools in order to do auto onboarding tasks (for wired devices), profiling, and more interesting security tasks.

    It allows for easy traditional ISAKMP V1 or V2 VPN setups and has a very mature proprietary VPN flavor called DMVPN. DMVPN allows on-demand VPN establishment with minimal setup configuration involved and creates a pseudo full mesh (avoiding bottlenecks as a hub-spoke topology does). Dynamic VPN establishment allows spoke-to-spoke traffic flow on-demand, optimizing VoIP/SIP calls setting up direct tunnels among spokes, reducing latency compared with a hub/spoke topology.

    Switch and router iOS can be automated and orchestrated with secure SD-WAN and SD-Access Cisco solutions. Having the iOS software is relevant for small and large enterprises; it works fine for all size networks.

    What needs improvement?

    There are the usual bugs that are inherent to some software upgrades. Sometimes this provides some unexpected issues, however, it happens with all brands all the time.

    Some additional features could be improved. For example, the licensing for DNA environments could be better. In some countries, the end-user does not want to go to orchestration/automation environments. They just want to have a small network for their small budget and they never will go to these environments. They consider it unfair that they have to pay for a license/subscription that will never be used.

    For how long have I used the solution?

    I've used the solution for ten or more years.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    The product is very scalable.

    How are customer service and support?

    Technical support is great.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    My customers have used other brands that just gave connectivity and did not offer security over LAN switches. The VPN scheme was limited to site-to-site over hub-and-spoke topologies.

    How was the initial setup?

    The initial setup is straightforward.

    What about the implementation team?

    We are the vendor team that handles implementations.

    What's my experience with pricing, setup cost, and licensing?

    Cisco is not a cost-effective brand, however, in the end, you get what you pay for. Regarding licensing, some customers will not use automation/orchestration environments and do not like to pay a subscription for something they will never use.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: I have 20+ years of experience working on cisco partners, but I do have Cisco Infrastruchture on my own company and the enunciated solutions are currently running as if I were another more customer too.
    PeerSpot user
    Buyer's Guide
    Cisco IOS Security
    September 2022
    Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,539 professionals have used our research since 2012.
    Consultant at twigalpha
    Consultant
    It's a reliable solution that will be around for a long time, but the configuration and reporting interfaces need improvement
    Pros and Cons
    • "The VPN was valuable for us because more people are working from home. It has a lot of reporting and easy-to-use management tools."
    • "The configuration and reporting interfaces need a lot of improvement. It needs to be more accessible forsolide without a strong technical background. If you had a simplified dashboard, the lower-level techs could manage the solution and provide services. Cisco IOS Security requires someone who is highly trained to operate it."

    What is our primary use case?

    My organization is an ISP using IOS Security to secure enterprise resources. We previously had it deployed on-premises, but we have switched to the cloud. We prefer AWS for latency purposes because it's based in South Africa. 

    What is most valuable?

    The VPN was valuable for us because more people are working from home. It has a lot of reporting and easy-to-use management tools.

    What needs improvement?

    The configuration and reporting interfaces need a lot of improvement. It needs to be more accessible forsolide without a strong technical background. If you had a simplified dashboard, the lower-level techs could manage the solution and provide services. Cisco IOS Security requires someone who is highly trained to operate it. 

    There is central management, but reporting could be more centralized too. You can have a lab module. However, we need to see some es, and that will help you deploy without breaking the live system. There's no way for me to have a live system to test my new configuration. If it breaks, I have to deploy it and reverse it to the previous configuration. 

    It would be nice if I could create an online lab on the fly to test for 10 minutes to an hour without messing anything up. That would be great, especially for things that we do on our live network appliance.

    For how long have I used the solution?

    I've been using Cisco since the late 90s.

    What do I think about the stability of the solution?

    The stability is great. It takes a bit of time for them to introduce new features that I want. 

    What do I think about the scalability of the solution?

    All Cisco products are scalable. The scalability is there, but the pricing model isn't straightforward. 

    How are customer service and support?

    I rate Cisco support four out of 10. Dealing with Cisco support is complicated. First, there's a time difference because we are in the GMT+2 time zone. It sometimes takes a while for your ticket to be assigned. Today, I find that other cloud service providers respond much quicker than Cisco, even though they are smaller. They need to improve on response time.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    It was the first solution I've used, and I've stuck with it because I'm comfortable with it. I haven't used other products, but I'm evaluating some because Cisco is becoming more complicated in terms of licensing, features, and other stuff. 

    How was the initial setup?

    I wouldn't say the deployment was complicated, but I wouldn't use the word "easy" either. It's straightforward if you know what you're doing. However, it can be complicated if you don't know what you're trying to do. You need a bit of training before touching it. By contrast, FortiGate is easier to get started, but Cisco solutions require training before you start messing with them. 

    It wasn't much of a challenge for me because I've been working with Cisco for a while. Initially, there were some painful moments where you thought these things would break.

    What about the implementation team?

    We were doing everything by ourselves at first, but we ended up using an integrator at some point.

    What was our ROI?

    In IT services, we don't calculate return on investment. It allows the business to grow, so we don't calculate the return. We just look at the IT cost. 

    What's my experience with pricing, setup cost, and licensing?

    I rate IOS Security six out of 10 for pricing

    What other advice do I have?

    I rate Cisco IOS Security six out of 10. For someone who wants something that works, they can be sure that Cisco will be there in the next five years. Cisco products have longevity because the company is secure, and you know the product will be supported for many years. 

    There is longevity if you can afford it. At the same time, you'll need to invest in learning the product. The most vital aspect of Cisco is that it works, and the company is there for you. You are sure it'll be there tomorrow.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Field Solutions Engineer at a computer software company with 1,001-5,000 employees
    MSP
    Top 10
    IPsec technology allows our clients to be more agile in their connectivity, but the technical support response times should be better
    Pros and Cons
    • "What I have used the most and received the most benefit from is the IPsec technology."
    • "With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle."

    What is our primary use case?

    We are a reseller and Cisco IOS Security is one of the network security products that we offer to our clients. The primary use case is securing connectivity between sites. Examples of this are between a site and a data center, or a site and a cloud provider.

    How has it helped my organization?

    DMVPN as a technology, not necessarily for security, has allowed my customers to be more agile in their connectivity, without having to rely on a hub-and-spoke topology. Rather, they can leverage a full mesh topology, which is essentially SD-WAN.

    IPsec allows us to overlay that, which means we can obfuscate the underlying infrastructure, whatever the transports are. Whether it is a secure private transport like MPLS or just public internet, we can commoditize the underlying transports and trust that everything is secured from prying eyes. 

    What is most valuable?

    What I have used the most and received the most benefit from is the IPsec technology. It overlays on DMVPN tunnels and being able to secure these object-based tunnels is good because they perform significantly better than traditional IPsec tunnels.

    What needs improvement?

    With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology.

    The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.

    For how long have I used the solution?

    I have been working with this product for the past ten years.

    What do I think about the stability of the solution?

    It is not the most stable system that I have worked with.

    What do I think about the scalability of the solution?

    I don't think that scalability is much of an issue.

    Our clients are small enterprise-level organizations, typically between 1,000 and 5,000 knowledge workers.

    How are customer service and technical support?

    The technical support is pretty good and I would rate them an eight out of ten. If anything, they should work on their response times for critical cases.

    Which solution did I use previously and why did I switch?

    I would say that 80% of my experience is with Cisco products.

    How was the initial setup?

    The initial setup is fairly complex, although it depends on the feature sets that you're looking for. Cisco IOM is probably the most complex part of it because it involves setting up all of the QoS policies, performance-routing policies, and performance-routing domains.

    From a DMVPN over IPsec perspective, it is pretty straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Price is certainly something that the IOS technology has fallen behind the competition on.

    What other advice do I have?

    My advice for anybody who is implementing this product is to ensure that they don't overlook the technical overhead that is required to get it set up and keep it running. From an SD-WAN perspective, there are more user-friendly options out there, so they are going to have their own shortcomings. However, if you're going down the route of a Cisco command-line-based solution then make sure that you're prepared to have the staff on hand to manage it or instead, have a trusted partner that you work with and has the expertise to manage it.

    From a feature-set perspective, as long as Cisco continues down the path of combining features from its products onto the unified platform, it will have all the features you need.

    It's a good product and it does exactly what it's intended to do, but there and stability issues and the price is expensive.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Pete Fotopoulos - PeerSpot reviewer
    Vice President - Network and Infrastructure at NJA LLC
    Real User
    Top 5
    It covers everything but is especially effective when a lot of the traffic is in layer 7
    Pros and Cons
    • "We are able to filter a lot of traffic especially when a lot of the traffic is in layer 7."
    • "It covers everything we need it to without looking to secondary solutions."
    • "The user interface needs to be improved."
    • "Signatures and other critical definitions need to be updated more frequently."

    What is our primary use case?

    Our primary use is just as a firewall. That is pretty much it.  

    How has it helped my organization?

    We are able to filter a lot of traffic. The is especially effective when a lot of the traffic is in layer 7 — the internet aspect of security for application services.  

    What is most valuable?

    I think the multi-layered approach is valuable. Just the fact that it covers everything on the LSA (Local Security Authority) right up to layer 7, in-depth packet analysis, and all that. It covers everything we need it to without looking to secondary solutions.  

    What needs improvement?

    I think the user interface for IOS Security needs to be improved.  

    I think the signature updates and all the other critical definitions need to be updated more frequently.  

    For how long have I used the solution?

    We have only been using IOS (Internetwork Operating System) Security since about 2016. So we have worked with it for about four years.  

    What do I think about the stability of the solution?

    The stability of the product is okay. There were not really any bugs or glitches that I can remember.  

    What do I think about the scalability of the solution?

    The scalability aspect of it is that it is one of those products where you have to incorporate additional hardware. It is a vertical scale, so you add on the boxes you need and bond them together. Of course, it costs more to scale that way than something that would be a software upgrade. You have got to pay to scale and to get more features.  

    Our clients are generally small to medium-sized businesses. Cisco IOS is a pretty good fit for that range of clients.  

    How are customer service and technical support?

    I have used the Cisco technical support and they were okay. Rating them out of ten, I would give them an eight or nine-out-of-ten. They have a pretty good system with decent response time and accuracy. They are good overall and in comparison to other services. They offer 24/7 service, which is a benefit.  

    Which solution did I use previously and why did I switch?

    I was actually using Cisco products more in the past and use them as a consultant. Right now, Sophos is the only one I have been using. It just came about through one of those situations where we were able to partner up with Sophos. That is really the reason for the change.  

    How was the initial setup?

    Setup and installation are pretty much straightforward. Comparing the installation to Fortinet or Sophos they are all the same.  

    What's my experience with pricing, setup cost, and licensing?

    The pricing for IOS Security is okay. It is competitive. It costs more when you have got the need to pay for more features. You have to buy more boxes and tie them together to upgrade to the next level.  

    Which other solutions did I evaluate?

    I have used Fortinet in the past too as well as Sophos and other Cisco products. They are all similar and if you know how to use them they are virtually all the same.  

    What other advice do I have?

    The advice that I would give to others looking into implementing this product is that I think they need to do their benchmarking. They should do due diligence beforehand in terms of their traffic.  

    On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as about an eight-out-of-ten. I do not know how they could realistically improve on that much. You never keep up with the hackers, they are always a step ahead of us when it comes to security.  

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Technical Lead at a tech services company with 10,001+ employees
    Real User
    Top 5
    Easy to use, easy to set up, and offers excellent technical support
    Pros and Cons
    • "The solution is very user-friendly and easy to deal with."
    • "It would be ideal if the solution had more capacity."

    What is our primary use case?

    We primarily use the solution as a VPN concentrator. It's the main VPN concentrator for all remote connections.

    What is most valuable?

    The compatibility is high with many open protocols. We use it for Radiant. We use it for any kind of network access protocols as well. 

    The solution is very user-friendly and easy to deal with. We find working with both the Command-Line and the Viewer very, very straightforward.

    It's quite stable. We find it more stable than other options.

    What needs improvement?

    It would be ideal if the solution had more capacity. Right now, we are almost hitting the maximum capacity of the product. If they could provide more capacity for the same product, that would be great.

    For how long have I used the solution?

    I've been using the solution for over ten years. At more than a decade, it's been a long time.

    What do I think about the stability of the solution?

    The solution is extremely stable. We find it much more stable than other options. It doesn't crash or freeze. There aren't issues with glitches. It is completely reliable.

    What do I think about the scalability of the solution?

    Currently, we have over 7,000 users that utilize this solution.

    We do plan to increase usage in the future.

    How are customer service and technical support?

    Technical support is very, very good under Cisco. It's one of the other advantages of using their product. They are very helpful, responsive, and knowledgeable. We've very satisfied with the level of service they provide to us.

    Which solution did I use previously and why did I switch?

    We previously used Juniper. Juniper has improved a lot over the last little while, however, we still prefer Cisco.

    How was the initial setup?

    I was not part of the installation process. That was handled by another team entirely. That said, they didn't take a lot of time to get everything up and running. It was, if I recall correctly, less than one week to put it up and test it and make all the configuration adjustments. Deployment was fast and it's my understanding that the whole process from beginning to end was straightforward.

    We only needed two people and they were able to handle both deployment and maintenance. They are engineers.

    What's my experience with pricing, setup cost, and licensing?

    I don't know the exact licensing costs. It's not something I deal with directly, and therefore I don't have any access to the information in regards to pricing and payments.

    What other advice do I have?

    We're just a customer and end-user. We don't have a business relationship with Cisco.

    We're using the latest version of the solution in our organization right now.

    We use both cloud and on-premises deployments, however, currently, we tend to use more on-premises deployments.

    I would recommend the solution. Overall, I would rate it at an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Bilal  Mustafa - PeerSpot reviewer
    Operations Specialist - MX Operations at Bank Alfalah Limited
    Real User
    It's a stable solution with good local support, but it takes to long to update and deploy policies
    Pros and Cons
    • "In Pakistan, we only use Cisco because they have good local support infrastructure. Huawei and Fortinet don't offer direct support in Pakistan."
    • "It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies."

    What is our primary use case?

    IOS Security is a firewall, and every connection goes through it. We have around 12,000 people in the company.

    What is most valuable?

    In Pakistan, we only use Cisco because they have good local support infrastructure. Huawei and Fortinet don't offer direct support in Pakistan.

    What needs improvement?

    It takes too much time to deploy a policy to FMC. It takes around eight minutes. You can't afford any downtime when you're changing policies. 

    The update process could also be smoother. They could improve the FirePOWER integration to reduce the time needed to update to the newer version. Sometimes, in the middle of the update, the process starts, but it doesn't find the new installation, so we have to force it to run that particular part. 

    For how long have I used the solution?

    I have been using IOS Security for about six or seven years.

    What do I think about the stability of the solution?

    When we have FirePOWER integrated into the solution, there are some gaps, so it's not as stable as the legacy solutions like SFR and ASA. 

    What do I think about the scalability of the solution?

    It depends on the size of the box. We don't have any issues regarding scalability with the appliance we have.

    How are customer service and support?

    We don't directly connect with the principal. In Pakistan, we have vendors providing support indirectly to our principal. We have Smart Net support, but in the banking sector, management always prefers an indirect channel.

    Which solution did I use previously and why did I switch?

    I also use FortiGate. IOS Security is more stable than competitors, and Cisco is more comprehensive in its approach. The company is trusted and has a greater presence. That is the main reason to use Cisco over other vendors. 

    What other advice do I have?

    I rate Cisco IOS Security seven out of 10. To make it a 10, Cisco needs to speed up all the processes to reduce downtime to a minimum. For example, if a department comes to me to do a UAT, I might find out I have to make some changes. There's an additional 10 minutes. It's a lengthy process for me.

    If you have the support for another firewall, I suggest researching your options. Go for the UAT environment and check as you're comparing them. I won't say that you should definitely go for Cisco.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Cyber Security Engineer at a tech company
    Real User
    Top 20
    Easy to install and good technical support on offer but could be easier to use
    Pros and Cons
    • "The product is easy to use."
    • "There could be a bit more functions on offer that could make it easier to use."

    What is our primary use case?

    We primarily use the product as a security solution within our company.

    What is most valuable?

    Overall, the devices are very good and reliable.

    The product is easy to use.

    It's quite a stable solution.

    The installation process is easy.

    Technical support has always been very good.

    What needs improvement?

    It's a good device yet it's not a market leader. There are better options for customers to choose from.

    There could be a bit more functions on offer that could make it easier to use.

    For how long have I used the solution?

    We have used the solution for four years. It's been a while. We have a bit of experience with it at this point. 

    What do I think about the stability of the solution?

    The stability is great and the performance is good. It's reliable. There are no bugs or glitches. it doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    We have about 2,000 users on the product currently.

    How are customer service and technical support?

    Cisco technical support is the best in the world. They are very helpful and responsive and we are always satisfied with the amount of assistance we get.

    Which solution did I use previously and why did I switch?

    Previous to this solution, we did not use anything else.

    How was the initial setup?

    It's straightforward to set up. The product isn't too complex in terms of implementation. It takes about two days to deploy everything. 

    You only need two people for installation. We have two technicians for the installation of the product and two engineers for managing the product.

    What about the implementation team?

    We handle the implementation ourselves in-house. We don't need outside consultants or integrators. 

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly subscription for signatures and stuff for the filtering, debugging inspection.

    Which other solutions did I evaluate?

    We did not evaluate anything before we started using Cisco. We didn't evaluate other options.

    What other advice do I have?

    We always use two versions behind the latest version. We do not use the latest version typically.

    I'd rate the solution at a six out of ten.

    I wouldn't recommend the solution to other users or organizations at this time.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco IOS Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Buyer's Guide
    Download our free Cisco IOS Security Report and get advice and tips from experienced pros sharing their opinions.