Cisco IOS Security OverviewUNIXBusinessApplication

Cisco IOS Security is the #6 ranked solution in top Intrusion Detection and Prevention Software and #20 ranked solution in best firewalls. PeerSpot users give Cisco IOS Security an average rating of 7.8 out of 10. Cisco IOS Security is most commonly compared to pfSense: Cisco IOS Security vs pfSense. Cisco IOS Security is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.
Cisco IOS Security Buyer's Guide

Download the Cisco IOS Security Buyer's Guide including reviews and more. Updated: December 2022

What is Cisco IOS Security?
Cisco IOS Software delivers a sophisticated set of security capabilities for a comprehensive, layered security approach throughout your network infrastructure. Cisco IOS security technologies help to defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.

Cisco IOS Security was previously known as IOS Security.

Cisco IOS Security Customers
Arup Group, Brunel University London, City of Biel, Gobierno de Castilla-La Mancha, K&L Gates , New South Wales Rural Fire Service, Offshore Northern Seas, Transplace
Cisco IOS Security Video

Archived Cisco IOS Security Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Field Solutions Engineer at a computer software company with 1,001-5,000 employees
MSP
IPsec technology allows our clients to be more agile in their connectivity, but the technical support response times should be better
Pros and Cons
  • "What I have used the most and received the most benefit from is the IPsec technology."
  • "With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle."

What is our primary use case?

We are a reseller and Cisco IOS Security is one of the network security products that we offer to our clients. The primary use case is securing connectivity between sites. Examples of this are between a site and a data center, or a site and a cloud provider.

How has it helped my organization?

DMVPN as a technology, not necessarily for security, has allowed my customers to be more agile in their connectivity, without having to rely on a hub-and-spoke topology. Rather, they can leverage a full mesh topology, which is essentially SD-WAN.

IPsec allows us to overlay that, which means we can obfuscate the underlying infrastructure, whatever the transports are. Whether it is a secure private transport like MPLS or just public internet, we can commoditize the underlying transports and trust that everything is secured from prying eyes. 

What is most valuable?

What I have used the most and received the most benefit from is the IPsec technology. It overlays on DMVPN tunnels and being able to secure these object-based tunnels is good because they perform significantly better than traditional IPsec tunnels.

What needs improvement?

With respect to user-friendliness, it is a command-line interface and those with such experience will get along just fine, whereas others may struggle. My expectation is that it will remain a primarily command-line-based technology.

The biggest annoyance is probably the quality control of the code. They have to make sure that they are better at vetting bugs and software issues before they release code to the general public.

Buyer's Guide
Cisco IOS Security
December 2022
Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,397 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with this product for the past ten years.

What do I think about the stability of the solution?

It is not the most stable system that I have worked with.

What do I think about the scalability of the solution?

I don't think that scalability is much of an issue.

Our clients are small enterprise-level organizations, typically between 1,000 and 5,000 knowledge workers.

How are customer service and support?

The technical support is pretty good and I would rate them an eight out of ten. If anything, they should work on their response times for critical cases.

Which solution did I use previously and why did I switch?

I would say that 80% of my experience is with Cisco products.

How was the initial setup?

The initial setup is fairly complex, although it depends on the feature sets that you're looking for. Cisco IOM is probably the most complex part of it because it involves setting up all of the QoS policies, performance-routing policies, and performance-routing domains.

From a DMVPN over IPsec perspective, it is pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

Price is certainly something that the IOS technology has fallen behind the competition on.

What other advice do I have?

My advice for anybody who is implementing this product is to ensure that they don't overlook the technical overhead that is required to get it set up and keep it running. From an SD-WAN perspective, there are more user-friendly options out there, so they are going to have their own shortcomings. However, if you're going down the route of a Cisco command-line-based solution then make sure that you're prepared to have the staff on hand to manage it or instead, have a trusted partner that you work with and has the expertise to manage it.

From a feature-set perspective, as long as Cisco continues down the path of combining features from its products onto the unified platform, it will have all the features you need.

It's a good product and it does exactly what it's intended to do, but there and stability issues and the price is expensive.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Pete Fotopoulos - PeerSpot reviewer
Vice President - Network and Infrastructure at NJA LLC
Real User
Top 20
It covers everything but is especially effective when a lot of the traffic is in layer 7
Pros and Cons
  • "We are able to filter a lot of traffic especially when a lot of the traffic is in layer 7."
  • "It covers everything we need it to without looking to secondary solutions."
  • "The user interface needs to be improved."
  • "Signatures and other critical definitions need to be updated more frequently."

What is our primary use case?

Our primary use is just as a firewall. That is pretty much it.  

How has it helped my organization?

We are able to filter a lot of traffic. The is especially effective when a lot of the traffic is in layer 7 — the internet aspect of security for application services.  

What is most valuable?

I think the multi-layered approach is valuable. Just the fact that it covers everything on the LSA (Local Security Authority) right up to layer 7, in-depth packet analysis, and all that. It covers everything we need it to without looking to secondary solutions.  

What needs improvement?

I think the user interface for IOS Security needs to be improved.  

I think the signature updates and all the other critical definitions need to be updated more frequently.  

For how long have I used the solution?

We have only been using IOS (Internetwork Operating System) Security since about 2016. So we have worked with it for about four years.  

What do I think about the stability of the solution?

The stability of the product is okay. There were not really any bugs or glitches that I can remember.  

What do I think about the scalability of the solution?

The scalability aspect of it is that it is one of those products where you have to incorporate additional hardware. It is a vertical scale, so you add on the boxes you need and bond them together. Of course, it costs more to scale that way than something that would be a software upgrade. You have got to pay to scale and to get more features.  

Our clients are generally small to medium-sized businesses. Cisco IOS is a pretty good fit for that range of clients.  

How are customer service and technical support?

I have used the Cisco technical support and they were okay. Rating them out of ten, I would give them an eight or nine-out-of-ten. They have a pretty good system with decent response time and accuracy. They are good overall and in comparison to other services. They offer 24/7 service, which is a benefit.  

Which solution did I use previously and why did I switch?

I was actually using Cisco products more in the past and use them as a consultant. Right now, Sophos is the only one I have been using. It just came about through one of those situations where we were able to partner up with Sophos. That is really the reason for the change.  

How was the initial setup?

Setup and installation are pretty much straightforward. Comparing the installation to Fortinet or Sophos they are all the same.  

What's my experience with pricing, setup cost, and licensing?

The pricing for IOS Security is okay. It is competitive. It costs more when you have got the need to pay for more features. You have to buy more boxes and tie them together to upgrade to the next level.  

Which other solutions did I evaluate?

I have used Fortinet in the past too as well as Sophos and other Cisco products. They are all similar and if you know how to use them they are virtually all the same.  

What other advice do I have?

The advice that I would give to others looking into implementing this product is that I think they need to do their benchmarking. They should do due diligence beforehand in terms of their traffic.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as about an eight-out-of-ten. I do not know how they could realistically improve on that much. You never keep up with the hackers, they are always a step ahead of us when it comes to security.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Cisco IOS Security
December 2022
Learn what your peers think about Cisco IOS Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,397 professionals have used our research since 2012.
TonyMoore - PeerSpot reviewer
President at www.virtualtechsolutionsusa.com
Real User
Top 5
Prevent unauthorized use of network resources and integrate branch offices with reliability
Pros and Cons
  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

How has it helped my organization?

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

What is most valuable?

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

What needs improvement?

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

For how long have I used the solution?

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

What do I think about the stability of the solution?

Cisco IOS Security is stable, very stable.  

What do I think about the scalability of the solution?

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

How are customer service and technical support?

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

Which solution did I use previously and why did I switch?

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

How was the initial setup?

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Managing Director at a computer software company with 51-200 employees
Real User
Top 20
A mature product with good integration capabilities, however, it needs to be more affordable
Pros and Cons
  • "Cisco has always been a premium product. There's a lot of other entry-level solutions. This is more robust."
  • "The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it."

What is most valuable?

The product is quite mature. Cisco is well known within the industry.

The solution's most valuable aspect is that it is extremely integrated. The product basically comes with the firewall features including IPS, URL filtering, malware, et cetera. The integrated features are great.

The functionalities of the product are pretty good.

Cisco has always been a premium product. There's a lot of other entry-level solutions. This is more robust.

The solution offers a good mix of features. You can always add more modules as you need to if you need even more features.

What needs improvement?

The pricing of the solution can be improved. It's not cheap. It's quite expensive.

The company needs to make its solution more affordable to make it more accessible to larger markets. Otherwise, it's seen as an enterprise-level solution that small or medium-sized organizations can't afford and therefore they won't even look at it.

For how long have I used the solution?

I've been using the solution for quite a long time. It's been ten or 15 years. I have well over a decade of experience under my belt.

What do I think about the stability of the solution?

The solution is stable. We find Cisco to be very reliable. It doesn't crash or freeze. There aren't bugs or glitches that disrupt its performance. It's good. There's never been an issue.

What do I think about the scalability of the solution?

The solution can scale. It's designed more as an enterprise-level solution, so it's good for larger companies.

How are customer service and technical support?

The customer support is great. We're quite satisfied with the level of service Cisco provides. They're knowledgeable and responsive.

Overall, we find that they have the best technical support in the business. Their support is quite competent in terms of their technical skills, more so than other competitors. If you face any issues, you can call them at any time and get the answers you need to resolve whatever is going on.

Which solution did I use previously and why did I switch?

I've used a variety of other solutions. I've used Check Point, Palo Alto, and Juniper as well.

We primarily like Cisco due to the fact that their technical support is great. By far, it's the best I've ever seen.

How was the initial setup?

The solution's initial setup is very straightforward. It's not complex at all.

What's my experience with pricing, setup cost, and licensing?

The solution's costs are quite high. It's a turn-off in terms of actually using it. It's more of an enterprise-level solution. It's not ideal for smaller organizations as the cost to run it would be out of their budgeting capabilities.

What other advice do I have?

We use a few different Cisco solutions. 

We're a Cisco partner. We have a business relationship with the company.

We're dealing with the latest version of this particular solution.

I'd rate the solution seven out of ten. 

The value for money it should be there. Which means good features, good functioning things are there, but they need to make it more affordable for big market. If they were able to price the solution to make it more affordable for more clients that may not be enterprise-level, they've have a bigger footprint.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Javed Hashmi - PeerSpot reviewer
Chief Technology Officer at Future Point Technologies
Real User
Good performance, documentation, and support but is lacking a few features
Pros and Cons
  • "The hardware is pretty stable. It's also a very good product performance-wise. Initially, it wasn't mature like a firewall and there were other leaders, but now they have included almost all the features of next-generation security. Basically, it's a good product to work with."
  • "I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers. They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work."

What is our primary use case?

We basically use it for security. It can be used as the internet as well as the data center security firewall.

What is most valuable?

The hardware is pretty stable. It's also a very good product performance-wise. 

Initially, it wasn't mature like a firewall and there were other leaders, but now they have included almost all the features of next-generation security. Basically, it's a good product to work with. 

What needs improvement?

I would love it if it has a link-by-link feature, integration with Unified Threat Management (UTM), and load balancers.

They haven't got any link-by-link feature right now, which can be a very attractive option. This link-by-link feature can also be made available for Cisco's UTM firewalls. The link-by-link feature is available in some of the other firewalls. 

Currently, integration with UTM is missing. Cisco IOS Security also doesn't have the load balancers and a few things that need to be done to get a good UTM firewall. Normally, other firewalls have UTM. As a next-generation firewall, it's good, but as a UTM, it has to do some work.

For how long have I used the solution?

We have been working with this solution for around 15 years now.

What do I think about the stability of the solution?

Cisco IOS Security is very stable.

What do I think about the scalability of the solution?

It's pretty scalable. The hardware is good, and it's scalable.

How are customer service and technical support?

The main reason for going with Cisco is their support. They have very skilled people and a very good support structure as compared to many other companies. They invest heavily in support maintenance. 

We are pretty comfortable with Cisco technical support, but with the new acquisitions, they also need to ramp up their support. For the older Cisco IOS and other stuff, they have very mature teams, but with the new acquisitions, sometimes it takes time to do the transition up to that level. For example, when Cisco acquired Sourcefire for the firewall, it took some time for Sourcefire to act like Cisco's other products. So, support is good, but still, there is a learning curve involved with new acquisitions and their support.

How was the initial setup?

The initial setup was complex when we compare it with some other vendors.

The setup is easy if you have good knowledge. As compared to the earlier types, it is very easy now, and the major stuff is graphical. It's pretty easy, and we don't need a lot of people, at least one to two people for backup are good enough to manage the firewalls.

What's my experience with pricing, setup cost, and licensing?

Cisco IOS Security is for medium and large enterprises. When we talk about the price as well, it's more suitable for medium and large enterprises, but recently they included a few good SMB options. They have introduced a cheaper version of it in the last year with SMB option, which can be looked into for small enterprises, but it's more suited towards the large enterprises and medium enterprises.

Which other solutions did I evaluate?

We prefer selling Cisco firewalls. We also sell Fortinet. Because Cisco's presence in our country is very good as compared to Fortinet and Palo Alto, the local customers seem comfortable with Cisco.

When we talk about Cisco, definitely the hardware is more reliable and scalable as compared to others. The support is also pretty good. These are the two good things. Definitely, Cisco Firewall is all around pretty good as compared to Fortinet.

What other advice do I have?

We work with Cisco, and we top-rate Cisco firewalls to be sold and deployed. This is because they have good trading and expertise available. Cisco IOS Security is pretty reliable, and it also has really good documentation.

It sometimes requires a slightly higher technical expertise to implement all the features as compared to other firewalls. Therefore, users definitely have to be trained first to get proper knowledge. Definitely, IOS security is well-documented, and it's pretty reliable. I'd advise just to make sure that they have adequate knowledge. 

The learning curve is slightly longer because it's a slightly complex product as compared to Fortinet, but feature-wise, it's very good.

I would rate Cisco IOS Security a seven out of ten. It is a good product with scope for features such as link-by-link, integration with UTM, and load balancers.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Engineer Data Center at a comms service provider with 1,001-5,000 employees
Real User
A straightforward initial setup with good technical support

How has it helped my organization?

This has improved the way our organization operates very well.

What is most valuable?

The most valuable feature is the support that we get.

What needs improvement?

In the next release of this solution, we would like to see support for the 100BT and 7000 models.

We have experienced bugs in the solution.

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

I would rate the scalability of this solution at about eighty percent.

How are customer service and technical support?

Technical support for this solution is very good.

How was the initial setup?

The initial setup of this solution is straightforward.

What about the implementation team?

We deployed this solution ourselves.

What was our ROI?

There is a return on investment with this solution. 

What's my experience with pricing, setup cost, and licensing?

The licenses for this solution are expensive.

What other advice do I have?

This is a good solution, and one that I recommend, but sometimes we have bugs.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director Network Engineer at Therap Services
Real User
Offers good security and is easy to use
Pros and Cons
  • "The stability of this solution is excellent."

    What is our primary use case?

    Our primary use case for this solution is internet security at the edge.

    How has it helped my organization?

    Cisco IOS Security gives us a level of trust at the edge as far as being the first line of defense for anything that's trying to get into our network.

    What is most valuable?

    The feature I find most valuable is that the solution doesn't really change from year to year. The basics are there and I have so much experience with it that it's easy to use. I also like the security this solution offers.

    What needs improvement?

    External threats are changing every day, so there are new features coming in. We're more into the command line interface rather.

    For how long have I used the solution?

    Offers good security and is easy to use

    What do I think about the stability of the solution?

    The stability of this solution is excellent. 

    What do I think about the scalability of the solution?

    We are very satisfied with the scalability of this solution.

    How are customer service and technical support?

    The technical support is excellent. We've contacted the tech team a few times and the turnaround time was always almost immediately.

    Which solution did I use previously and why did I switch?

    We've always been using this solution and we haven't seen a need to change from it so we haven't looked at other vendors in quite a while because we are totally satisfied with what we have.

    How was the initial setup?

    The initial setup was straightforward and we did the deployment ourselves. We could go on the internet for any reference that we needed.

    What's my experience with pricing, setup cost, and licensing?

    We have to renew our license every three years.

    What other advice do I have?

    My rating for this solution is a ten out of ten because it does everything I need and it is easy enough to use. My advice to others is to definitely have it on their list of vendors to take a look at. I really recommend this solution.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Pre Sales Engineer at IKUSI
    MSP
    Gives us better efficiency and is a secure option for platforms and gateways
    Pros and Cons
    • "Cisco IOS allows us to keep the same security features as our principal offices."
    • "I think setup could be one area for improvement, because sometimes we don't have people inside so we have to move to the place."

    What is our primary use case?

    We use this solution to connect branch offices and keep the security on each one.

    How has it helped my organization?

    Cisco IOS allows us to keep the same security features as our principal offices.

    What is most valuable?

    We can access control lists and VPN tunneling.

    It gives us better efficiency.

    What needs improvement?

    I think setup could be one area for improvement.

    I would also like to see them add integration with cloud solutions like Umbrella, as well as some monitoring improvements. This would let us connect a new platform and cloud solution for a site.

    What do I think about the stability of the solution?

    Cisco's high stability is a well known feature.

    What do I think about the scalability of the solution?

    It is scalable. We can go to another platform and keep the same functionality.

    How are customer service and technical support?

    I think we have great support from Cisco for this. I haven't used it personally, but I have heard good things.

    Which solution did I use previously and why did I switch?

    I think we used Firepower. We work specifically with Cisco.

    What about the implementation team?

    I think the initial setup was simple. We have a lot of documentation and a guide that we can follow.

    What was our ROI?

    Thinking about the ease of managing these platforms and the technical support that we have, we can avoid extra costs and investments. We've saved time allowing our staff to work on other things that have saved money overall.

    What other advice do I have?

    My advice is that this is a very secure option for platforms and gateways using the Cisco IOS security feature.

    I would rate Cisco IOS as ten out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    Salim Almusalhi - PeerSpot reviewer
    Network Engineer at PART
    Real User
    Has good routing features and is easy to use
    Pros and Cons
    • "I've found their network routing to be very good."
    • "I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering."

    What is our primary use case?

    We use Cisco IOS for security prevention. It enables us to check the network.

    How has it helped my organization?

    I didn't think that they would put servers in the DMZ. It also protects us from hackers; we haven't had any issues with them.

    What is most valuable?

    I've found their network routing to be very good.

    It is also stable, has good scalability and is easy to use. 

    What needs improvement?

    I wish it would be more like the next generation firewall technology. There should be more selection between the application and filtering.

    I would appreciate updates to reporting, in terms of data entry.

    For how long have I used the solution?

    We have been using Cisco IOS for more than eight years.

    What do I think about the stability of the solution?

    We don't have any issues with stability. Cisco is always stable.

    What do I think about the scalability of the solution?

    Scalability is easy.

    How are customer service and technical support?

    We have a contract with the representative of DEO support, not just Cisco. So we have local support. If we have any issue, they respond to us directly by phone.

    How was the initial setup?

    The initial setup was easy. There are step-by-step instructions, like many of their other products.

    What was our ROI?

    The solution is definitely valuable for us.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is on a subscription basis, and it is fairly costly. I would prefer a one-time payment.

    What other advice do I have?

    My advice is to take this firewall. It is really good. I would rate Cisco IOS as eight out of ten.

    The next-generation firewalls, like UTM, have paper-thin single boxes. They should follow the same projects, like the next-generation firewall. They have everything like 40GBs in a single box, along with filtering applications, like VPN and SSN. They also have reporting features.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Product Manager - Wireless / IT Support Manager at a tech services company with 51-200 employees
    Real User
    Straightforward initial setup and good scalability
    Pros and Cons
    • "You can scale it when you need to."
    • "If they could increase the performance a little better because the device sometimes gets slow."

    What is our primary use case?

    Since we do system integration, we have a lot of clients we deploy. There is not really a single case to point to because we have multiple clients. It depends and can vary from customer to customer.

    What is most valuable?

    Defending the business processes.

    What needs improvement?

    If they could increase the performance a little better because the device sometimes gets slow. If they could increase the performance it would be great.

    For how long have I used the solution?

    I've been using this solution for between seven and eight years.

    What do I think about the stability of the solution?

    The solution's stability is quite good. We have about six hundred users.

    What do I think about the scalability of the solution?

    The scalability is quite good. You can scale it when you need to. As you go, you can scale it. It's quite scalable. It's quite good.

    How are customer service and technical support?

    I haven't used technical support yet.

    Which solution did I use previously and why did I switch?

    We have been using this solution for six or seven years; we didn't use another solution before.

    How was the initial setup?

    The initial setup was very straightforward. It only took a couple of hours, it doesn't take long.

    What other advice do I have?

    In terms of advice, I would suggest others should use it. It is quite a good product, it is one of the market leaders. I believe it could be as good as other solutions. There are two things you require: one is support and the other one is credibility. Both are there with this product.

    I would rate this solution eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Fadil Kadrat - PeerSpot reviewer
    Network Engineer at Banque des Mascareignes
    Real User
    Scalability suits all enterprise needs, but it could use a better interface
    Pros and Cons
    • "The VPN is the most valuable feature."
    • "The routers, don't have like long-term tendency features, or higher availability features available for the IOS. It could also use a better user interface."

    What is most valuable?

    The VPN is the most valuable feature. 

    What needs improvement?

    With Cisco IOS, especially the routers, don't have like long-term tendency features, or high availability features available for the IOS. Also, it could use a better user interface.

    For how long have I used the solution?

    I've been using the solution for 8 years.

    What do I think about the stability of the solution?

    The solution is extremely stable. It's one of the best. It's a stable solution.

    What do I think about the scalability of the solution?

    In terms of scalability, it definitely suits all enterprise needs. The product is all we need for today's enterprise, for the client. For me, in terms of scalability, Cisco has the full package.

    How are customer service and technical support?

    Technical support is very good.

    Which solution did I use previously and why did I switch?

    I have used FortiGate and Palo Alto.

    How was the initial setup?

    In terms of initial setup, it depends on the one doing it, but I never had any difficulties or struggled to integrate. For me, Cisco is always easy to set up. It's straightforward. Deployment is pretty fast, but sometimes it takes time to implement and to put into production. Deploying, confirmation, and then setting up the devices is straightforward. The most important part is migrating to production. This is sometimes the most important. Again, that depends on the criticality of the environment. It can be done in hours or sometimes weeks. 

    Under my supervision, for at least a hundred parts, one other person and I are needed for deployment. That's it. Two people.

    What about the implementation team?

    I implemented the solution myself. I am an integrator.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is very expensive. Normally I do a yearly contract; I don't know the exact pricing, but it's around $75,000 USD per year. That's the standard licensing.

    What other advice do I have?

    Cisco is one of the greatest. The Cisco stack is the best. If you don't know it, don't go for the solution because it gets very complex. If you are new to the security, don't go for Cisco. But if you are experienced and you know how to do it, it's one of the greatest solutions.

    I would rate this solution 7 out of 10. The solution is always stable, but there are many security features that Cisco is behind on today. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Solution Architect at Bilicha Technology
    Real User
    Supports mobile devices on an enterprise network firewall including iOS and Android
    Pros and Cons
    • "We use Cisco IOS Security mostly for routers to route off the firewall. It's a next-generation device."
    • "Most of their features are meant for Cisco. You cannot integrate them with any other vendor."

    What is our primary use case?

    I use Cisco IOS Security. We install it for people. We have a very small network station. We don't use Cisco IOS Security very often, but we install it for clients. 

    We use Cisco IOS Security mostly for routers to route off the firewall. It's a next-generation device. With firewalls, we can connect the solution for the mail cloud. 

    We've deployed with Fortinet FortiGate. We don't use it much. We use Cisco IOS Security to manage for enterprise clients.

    Our primary use case for this solution is in the insurance industry.

    How has it helped my organization?

    Cisco IOS Security has not improved my organization. We use it for our clients. It helps their workers to be more secure in operations.

    What is most valuable?

    We interpret the additional protection to be very important now. Cisco IOS Security is used with client mobile devices on the firewall.

    What needs improvement?

    We don't love everything about the product. For now, it's what we're using. It's okay. It is difficult to set up. The training is okay. The pricing is standard.

    It will be great if they can make it more easy to use the features. The interface is not user-friendly, but a normal IT technician can handle it.

    Most of the features only work with Cisco equipment. It's about connectivity. Most of their features are meant for Cisco. You cannot integrate them with any other vendor.

    Cisco needs to be more flexible with the integration of other solutions.

    For how long have I used the solution?

    I've been working on this for let's say three years now.

    What do I think about the stability of the solution?

    It's not stable if you don't have Cisco gear in your network. If you don't have Cisco equipment within your network, you cannot access powerful pieces of the software.

    What do I think about the scalability of the solution?

    The scalability of Cisco IOS Security is good. It's very fast. It's not universal because most of the features require you to have Cisco equipment in your network. 

    How are customer service and technical support?

    If you ask technical support on how to solve some issues, it does help. We do fine with Cisco support. It comes with the equipment.

    We provide our clients with six months of in-house support. We pay Cisco for it. The support is okay.

    How was the initial setup?

    The initial setup is straightforward, but when it comes to complex settings like the firewall, it is not easy. Most of the features that come with it work only with Cisco devices.

    You have to have experience before you try to use it. You need to make sure you have it your router by Cisco. Some features only work with Cisco equipment.

    What we do is we set up everything. We have to go on-site. It doesn't take time to deploy it. The time required to work on the project can take up to two weeks.

    What about the implementation team?

    We did the setup mostly with our team. We are consultants. We worked with a reseller. Cisco has an integrator software team too.

    What's my experience with pricing, setup cost, and licensing?

    Our licensing costs for the solution are on an annual basis. It should be every five years.

    What other advice do I have?

    On a scale from 1 to 10, I would rate Cisco IOS Security at 9/10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    Networks Lead Engineer at a mining and metals company with 1,001-5,000 employees
    Real User
    Increased endpoint security but is overall a very complicated product
    Pros and Cons
    • "Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access."
    • "We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues."

    What is our primary use case?

    We use it for endpoint security, to control access to our edge level. Basically, Cisco IOS checks the identity of each endpoint (printers, etc.). There's a specific group allowing the printer to immediately connect to the network. Also, if there is a laptop, for example, then the IOS will tell you, okay this is a laptop, please add the user name and password to access the network. Once it gets authenticated with IOS, they will still do something like posturing, checking the compliance list. For example, if a laptop doesn't have an updated antivirus or updated patches - if it's non-compliant with any one of those things, the system will reject it and isolate it in a special network, so it cannot access our network. 

    How has it helped my organization?

    Previously, anyone in the organization would see any data point in the wall. They could just go and connect their machine with that data point and could access the network. But now, even if someone came and tried that, they will not be given access. Because Cisco IOS will ask for the identity. So, you will now need to give your identity. If you are not part of the organization, you will not be given access.

    What needs improvement?

    I think it's a complicated product. It is very complicated, especially in the design. If in some way you mess up the logic and design, you can really mess up and you will hate your life. The dashboard is actually very complicated. There's a lot of options. They don't need to do this. They need to make it more simple. Going to the direct point, showing what to do, where to configure, how to make the policy. They need to simplify the dashboard management more. Also, they need to improve the dashboard statistics. We need to see the statistics in a more organized way and clear. Reporting features, I think are also missing. It should be there.

    Maybe they need to add in posturing. Cisco is able to check if a device is updated or not. Taking action to isolate it outside the network, and then requesting automatically for the updates to that system would be helpful. It's something in automation they can improve.

    For how long have I used the solution?

    I have been using the solution for 1 year.

    What do I think about the stability of the solution?

    Initially, we faced some stability problems with the wifi systems. And sometimes it authenticates, sometimes it doesn't. But, overall, it's 90% stable. It's not causing many problems, because, no one is touching that. No one is touching that box.

    How are customer service and technical support?

    Their support was very bad. We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues. They keep asking about a lot of things. And they know that we are not expert in the system. So, we are wasting our time. And it takes time to respond. Sometimes one single issue will stay on the stack for three weeks, just to resolve it. The last ticket for me reached six weeks, not three weeks even. They are not like that in all products. Just this product.

    How was the initial setup?

    The initial setup was very complicated. For the initial setup, you need to configure the TAC servers and assigning the password, user name and the group for authenticating, etc. The deployment took more than three months.

    What about the implementation team?

    We used a vendor. We are not doing anything ourselves except for the basic things. We are using the vendors to do this. Not everything is handled by vendors; only, again, for the complicated products. We try to approach the integrators to do it.

    Which other solutions did I evaluate?

    I did not evaluate other options. I was thinking maybe Aruba might be a good option, but I did not switch over to it actually because Cisco's a big company and known in the market.

    What other advice do I have?

    Even now, we are not fully utilizing the features because it'll add complicated things. I would rate this solution 7 out of 10 because of both support and interface. After this experience, next time in any project we are going to go more secure. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    FadilKadrat - PeerSpot reviewer
    Network Engineer at Banque des Mascareignes
    Real User
    Enables us to securely transfer data over the internet network but I would like the ability to automatically load balance
    Pros and Cons
    • "I'm able to transfer data over internet network security. With the GRE I'm able to transfer data within one bunch to another bunch in a public way, like the internet. The communication is encrypted and is private. It gives me added privacy."
    • "There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing."

    What is our primary use case?

    I usually use it for GRE channels and VPNs. Is very stable and is a good solution. It has been stable.

    How has it helped my organization?

    I'm able to securely transfer data over the internet network. With the GRE I'm able to transfer data within one site to another sites in a public way, like the internet. The communication is encrypted and is private. It gives me added privacy.

    What is most valuable?

    The GRE kernels and IPSEC security are the most valuable features.

    What needs improvement?

    There's a technology called SD-WAN that we would like to see. We are unable to handle multiple connections or to automatically load balance. I would like to have a feature that enables us to automatically prepare for load balancing.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    It is stable but is missing functionalities. For example, everyone is bound to one single router. 

    This product is being used on a daily basis, 24/7. We are a bank, so it is always running. We have no downtime and our customers don't have any downtime. 

    What do I think about the scalability of the solution?

    You can do a lot in terms of the scalability. In my department, I have 11 branches that are using it and everything works flawlessly for them. 

    How are customer service and technical support?

    Cisco's technical support is the best. 

    Which solution did I use previously and why did I switch?

    I have previously used FortiGate and I didn't switch solution, I switched companies. Cisco is stable once it is up and running. You can forget about it, it's going to work unless the hardware fails. As your centers deploy, make sure it's configured and up and running. You just have to put it there and forget it.

    How was the initial setup?

    The complexity of the initial setup will depend on your level of expertise and your experience with the product. It was simple for me but I have seen others struggle with it.  

    Usually, when I did deploy I do it on a lap setup. The time it takes depends mostly on how we are going to plan the deployment. It can be done within a day or a week.

    What about the implementation team?

    Sometimes we will use an integrator for the deployment and sometimes we will do it ourselves. 

    What was our ROI?

    The return on investment has already been achieved and it is great.

    What's my experience with pricing, setup cost, and licensing?

    The solution is a one-off fee once, it's just a matter of whether we are using IOS security you want to use the IT functionality, you need to have the security licenses.

    What other advice do I have?

    It's a good product you just have to have someone that really knows how to configure it otherwise it's going to be a nightmare.

    I would rate it a seven out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Operational Risk Manager at a financial services firm with 1,001-5,000 employees
    Real User
    Scalability and some enhancement to our security posture have been key for us
    Pros and Cons
    • "The most valuable feature is the scalability. The nice thing with the bigger vendors is that they're very good at scale."
    • "I would like to see much more embedded security that works and that isn't a bolt-on."

    What is our primary use case?

    We use it for routing and switching, VPNs, connectivity to some degree, and firewalls.

    How has it helped my organization?

    In certain spots it has improved our security program's maturity, for example around virtualization and network segmentation.

    What is most valuable?

    The most valuable feature is the scalability. The nice thing with the bigger vendors is that they're very good at scale.

    What needs improvement?

    I would like to see much more embedded security that works and that isn't a bolt-on.

    What do I think about the stability of the solution?

    It's pretty stable. The stability has been good.

    How are customer service and technical support?

    I would rate the technical support at eight out of ten. We've had a lot of good feedback. 

    Which solution did I use previously and why did I switch?

    Different products come and go but we've been using Cisco for 20 years. 

    What about the implementation team?

    We use every consulting firm and probably most integrators, depending on the project. On any day it could be Deloitte, Accenture, etc.

    What was our ROI?

    I'm sure we've seen ROI. Routing is better than picking up a file, carrying it to you and handing it to you. But it's been in place for quite a long time.

    What other advice do I have?

    Look at this solution and figure out what you're trying to accomplish. You should probably augment it with some other vendors as well. I'm not a big single-vendor type of person. I don't think anyone does it perfectly well. With Cisco, you bring them in for their core competencies which are routing, switching, and virtual networking. Then you augment it with some security vendors that have been doing security the entire time.

    I would rate it at eight out of ten. It's not a ten because of the criticisms around security.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Dmitriy Ronkin - PeerSpot reviewer
    Networking Specialist at Transportation
    Real User
    EEM is a valuable feature for turning a Cisco device into a programmable device.

    What is most valuable?

    EEM (Embedded Event Manager) is a software component of Cisco IOS.

    I found that EEM is a handy feature [but it is an underdog for the end user] if fine tuning of monitoring is required or if you would like to turn a Cisco device (switch or router) into a programmable device (without fancy words like ACI or Python, etc.). It is low level but efficient and money saving. It is available by default (but check the IOS feature support first). For curious minds, it could be used in combination with IP SLA and tracking features, a network engineer Swiss army knife.

    How has it helped my organization?

    • Increased monitoring level for KPIs normally not tracked by network management systems.
    • Ability to correlate events and report back in a predefined format/customized message on the switch.
    • Making a Cisco switch act as a network event sensor is enhancing visibility on the network.

    What needs improvement?

    • Tailored monitoring/notifications and some sort of added intelligence moved now to the edge of the network. (Actually, it could be done at any point of network: core, distribution, or access.)

    What do I think about the scalability of the solution?

    As it is a tailored solution, it is not very scalable, but this is a trade off; you need a hammer or a scalpel. And EEM is a scalpel.

    What's my experience with pricing, setup cost, and licensing?

    No licenses but what comes with the features of IOS.

    Which other solutions did I evaluate?

    Before choosing this product, we evaluated other options. I looked for a tailored solution.

    What other advice do I have?

    The competition (like Juniper) do offer similar approaches (scripting capabilities, but I did not look into the details). The question is that in many cases, users are not extending their expertise to adopt these money/time-saving features that vendors provide with their OSs.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user5274 - PeerSpot reviewer
    Network Manager at a insurance company with 1,001-5,000 employees
    Vendor
    Good features. But when I converted it into a zone-based firewall, CPU utilization shot up and network performance slowed down.

    Valuable Features:

    1. Cisco IOS Security feature provides key features such as AAA, VPN, IPsec, content filtering, IPS, etc in all IOS based Cisco devices. 2. I like it because they include powerful security features that come with all Cisco Router and Switch from low to higher end. 3. It helped me to convert my Cisco router into a zone-based policy firewall. 4. It helped me to implement port security at my switch end. 5. I have implemented AAA in all Cisco routers and switch easily. 6. I have configured VPN server in a Cisco router with ease compare to OPENVPN configuration in a Linux OS environment.

    Room for Improvement:

    1. IOS security related IPS facility is not as strong as Cisco ASA and the signature file of IPS does not update automatically like Cisco ASA. 2. When I converted the Cisco router into a zone-based firewall, CPU utilization shot up and slowed down network performance.

    Other Advice:

    Cisco IOS security feature is the most robust and simple security facility which nice and small to implement. It helped me protect my network from external and internal attack.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user1998 - PeerSpot reviewer
    Infrastructure Expert at a tech company with 51-200 employees
    Vendor
    The Best network security OS

    Valuable Features:

    Cisco IOS is the best OS for Cisco routers and switches. There are a lot of plus points of using Cisco IOS. A brief introduction about them are as follows.AAA- Cisco IOS has a lot advantages while using AAA. It can use various encryption services which also includes EAP with Radius.Firewall- You can use Cisco IOS Advance IP Services for creating Zone based firewalls on Cisco Routers.TCP Intercept- It prevents DDOS attacks quite effectively.PKI- You can use RSA keys in PKI. Also lets you use Certificates in PKI.VPN- Almost any type of VPN can be configured using IOS security. Site to site or remote. 802.1X- This facility has helped a lot of organizations and ISPs to maintain authentication for their users.

    Room for Improvement:

    It is very hard to find any limitations of this OS Still when you use this as Zone based firewall you can see its limitations. You need to restrict traffic with ACL, which is fine but you need to create too many ACLs. Hence management of ACLs is a tedious task. Works better with TACACS+ which is Cisco proprietary. WAN connectivity is difficult on a router which is running IOS Security.

    Other Advice:

    The best OS from my point of view in Cisco IOS is Advanced IP Services. This OS has changed the definition of network security by using the router. The use of VPN concentrator is coming to an end because this OS can handle any kind of VPN using the router, so no need of VPN concentrators.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco IOS Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2022
    Buyer's Guide
    Download our free Cisco IOS Security Report and get advice and tips from experienced pros sharing their opinions.