Cisco Secure Firewall Pros
MC
Reviewer43898
Engineering Services Manager at a tech services company with 201-500 employees
One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.
View full review »JV
Joland Van Londen
Project Engineer at Telindus B.V.
The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.
View full review »EV
Ed Vanderpool
IT Technical Manager at Adventist Health
Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.
View full review »Buyer's Guide
Cisco Secure Firewall
June 2023

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
710,326 professionals have used our research since 2012.
I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are.
View full review »AF
Andreas Pedersen
Systems Engineer at a tech services company with 11-50 employees
The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.
View full review »RG
Raufuddin Gauri
Network & Security Engineer at Oman LNG L.L.C.
It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.
View full review »FM
Francesco-Molino
Practice Lead at IPConsul
The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.
View full review »SB
Shashidhara B N
Director & CIO of IT services at Connectivity IT Services Private Limited
ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall.
View full review »Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.
View full review »The return on investment is not going to be restricted to just the box... Now, these genres have been expanded to cyber, to third-party integrations, having integrated logging, having integrated micro and macro segmentations. The scope has been widened, so the ROI, eventually, has multiplied.
View full review »Cisco Secure Firewall Cons
MC
Reviewer43898
Engineering Services Manager at a tech services company with 201-500 employees
The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.
View full review »JV
Joland Van Londen
Project Engineer at Telindus B.V.
The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.
View full review »EV
Ed Vanderpool
IT Technical Manager at Adventist Health
One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.
View full review »Buyer's Guide
Cisco Secure Firewall
June 2023

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
710,326 professionals have used our research since 2012.
A feature that would allow me to load balance among multiple ISPs, especially since we have deployed it as a perimeter firewall, would be a great addition.
View full review »AF
Andreas Pedersen
Systems Engineer at a tech services company with 11-50 employees
On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.
View full review »FM
Francesco-Molino
Practice Lead at IPConsul
I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.
View full review »SB
Shashidhara B N
Director & CIO of IT services at Connectivity IT Services Private Limited
There are some limitations with SSL. Regarding the security assessment for the ISO 27000 standard, there are certain features that Cisco needs to scale up. Not all products support it, so you need to be slightly careful, especially on the site track.
View full review »Its implementation was not straightforward. It was mainly because we were running two projects together.
View full review »The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters.
View full review »SM
Syed Mohsin Ali
Team Leader Network and Mail Team at a energy/utilities company with 10,001+ employees
The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics.
View full review »Buyer's Guide
Cisco Secure Firewall
June 2023

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
710,326 professionals have used our research since 2012.