Cisco Secure Firewall Reviews

We are currently utilizing the Cisco Secure Firewall, partially due to its historical relevance and partly because Cisco continues to maintain a prominent position in providing client VPN access.

We have employed Cisco Firepower and ASA on Firepower to facilitate client VPN access and to enforce fundamental layer four security policies.

We utilize security products in central locations to provide VPN access for clients throughout Europe.

The implementation of the Cisco Secure Firewall has had a positive impact on our organization, as evidenced by our ability to use our store apps on mobile devices through AnyConnect even when Wi-Fi is unavailable. This is made possible by the utilization of 3G, 4G, or 5G internet access while maintaining a secure connection on our mobile devices.

Cisco Secure has enabled my organization to save time, as demonstrated by our ability to swiftly open new stores by utilizing applications on mobile devices without having to establish the entire infrastructure at once. The amount of time saved varies depending on the country we are operating in, ranging from weeks to months.

The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications.

The overall licensing structure could improve to make the solution better.

I have been using Cisco Secure Firewall for approximately 15 years.

My experiences with the Cisco Secure Firewall support have varied. Since we access it through a partner, some issues are quickly resolved, while others require more time and effort.

I rate the support from Cisco Secure Firewall a six out of ten.

Neutral

While I have not personally utilized other security products, our organization also employs FortiGate devices and applications for security purposes alongside Cisco Secure Firewall.

Acquiring licensing for Cisco Secure Firewall can be a bit cumbersome, therefore a more straightforward licensing process would be preferable. 

The licensing process can be frustrating, as it requires selecting between on-box or per-client options and other related considerations. Simplifying this process would be beneficial.

We are using access switches, routers, catalysts, and ISR products. Additionally, we are using Cisco as a platform, which is somewhat old, and Cisco ASA on Firepower devices.

I would advise others to thoroughly evaluate their requirements before selecting a security solution. While some products may seem like an obvious choice, it is important to take the time to assess the available options and determine which one best suits your specific needs. This approach is wise and can ultimately lead to a more effective security solution.

I rate Cisco Secure Firewall a seven out of ten.

I'm working as a Solution Architect for an energy provider in Austria. We have approximately 1,500 people working in Austria and also in some neighboring countries.

We are using Cisco Secure Firewall. We started with Cisco ASA long ago, and now, we have Cisco Firepower or Cisco Secure Firewall. We are using the product as a perimeter firewall and for remote access VPN and site-to-site VPN tunnels with other partner companies. So, the primary use case of Cisco Secure Firewall is to secure our perimeter, but it's also for the remote access VPN for employees in the home office or if they are outside the company.

The benefit of using Cisco Secure Firewall is that there is a lot of integration with other Cisco products like Cisco ISE or even with third-party systems. It's important to have these integrations with other systems. On one hand, you get more visibility, and on the other hand, you can also use the information that you have from the firewall in other systems, such as a SIEM or other similar things. You overall get better visibility and better security.

In terms of securing our infrastructure from end to end so that we can detect and remediate threats. When it comes to detection, it's pretty good because you have the background of Cisco Talos. I can't say if it's the truth, but they probably are one of the top players in threat hunting, so it's pretty good at detecting known things that are outside.

The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc. These features are especially valuable because nowadays, it's not enough to just filter for source and destination IPs. You need more insights or visibility to see which applications are passing your perimeter, which applications you want to allow, and which ones you want to block. Without this visibility and these features, it's a little bit hard to secure your network.

There is room for improvement in the stability or software quality of the product. There were a few things in the past where we had a little bit of a problem with the product, so there is room for improvement. In the past, we had problems with new releases. 

Also, from the beginning, some functionalities or features have not worked properly. There are bugs. Every product has such problems, but sometimes, there are more problems than other products, so it's definitely something that can be improved, but Cisco seems to be working on it.

There is room for improvement in the stability of the product.

I know that there are several models for every type of scale that you need. For small branches up to the data center or even for the cloud, there are models, but so far, we only have one cluster. Among all these different types, we found the perfect matching size for our company.

The Cisco support with Cisco TAC is pretty good. With the TAC Connect Bot that you have with WebEx, you can easily open a case or escalate the case through the WebEx app. That's pretty cool. Also, the engineers that are working for Cisco TAC are really good. Among all the vendors that we have in place, it's the best support that we have experienced. I'd rate them a 10 out of 10 because compared to the other vendors that we have in place, it's definitely the best support.

Positive

We have a multi-vendor strategy for the firewall so that if there is some security issue in the software or something like that, you are not directly impacted, and there is another vendor in between. If I compare Cisco Secure Firewall with the other vendor that we have in place, the pro for Cisco Secure Firewall is that detection is better with the database of Talos. The con that comes to my mind is the deployment time when you deploy a change. With the other vendor, the change is more or less deployed immediately, whereas, with Cisco Secure Firewall, you have to wait for a few minutes until the change is deployed. This is one of the biggest cons on this side because if there's a misconfiguration, you are not able to correct the issue as fast as with the other vendor.

We migrated from Cisco ASA to Cisco Firepower, and it was straightforward because there were some migration tools to export the old ASA rule set and import it into Cisco Secure Firewall. With these tools and the documentation that you find on Cisco's site, it was pretty straightforward, and we had nearly no problems with the migration to Cisco Secure Firewall.

In terms of the deployment model, we have one high-availability cluster, and, of course, FMC to manage this cluster. These are physical clusters, and we have them on-prem in our data center.

For deployment, we worked with our partner who helped us a little bit with the migration. Our partner's engineer had good knowledge and supported us when we had questions. When we didn't know how to do something, they helped us with that.

The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient.

In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price.

To those evaluating Cisco Secure Firewall, I'd advise thinking about what are your use cases and what's your goal to achieve with this product. It's also a good idea to talk to other customers or a partner and ask them what's their experience and what they think about it, and if it's suitable for this use case or not. And, of course, it's also a good idea to do a proof of concept or something like that.

At the moment, I'd rate Cisco Secure Firewall a six out of ten. The reason for that is that we are having some problems with the stability and functionality of the product, but there are also features, such as VPN, that are working from day one without a problem. So, there are good parts, and there are parts that are not working as well as we would like them to, but we and Cisco TAC will solve this in the future, and then the rating will go up.

We use WSA proxy and Cisco Firepowers with the FMC suite and Cisco Umbrella. We mainly use WSAP for on-premises data centers to get traffic outbound to the internet. Cisco Umbrella is for our endpoints, and Cisco firewalls are to protect our perimeter but also internal choke points to secure segments on our LAN.

Currently, we don't have any integrations between the three of them. They all run in isolation. 

Our external partner does the day-to-day management. We are not using it on a day-to-day basis. We position the products from within my team, but the detection mechanism is different per platform. We mainly trust the policy, and our security department is checking logs for anomalies in the patterns.

In terms of cost savings, we've been using this mechanism for years on end, so we haven't been able to see a real cost reduction between using our own personnel versus our external partner for management. It has been like that for 10 years or so.

In terms of time savings, it doesn't put too much burden on day-to-day activities to go over the details. The policies are rather straightforward, and anything not configured is not allowed. In that sense, it's easy.

Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging. 

If WSAP remains to be an active product, it might be an idea to integrate the configuration policy logic between Umbrella and WSAP. There should be one platform to manage both.

The integration between the on-prem proxy world and the cloud proxy would benefit us. One single policy setting would make sense.

That's great. Sometimes, you need to be clear on the severity levels, but once determined, we have a good experience with tech support.

Positive

That was long ago, but we had Blue Coat proxies before. We switched because of our strategy to go for Cisco as an ecosystem.

We chose Cisco products because we have a Cisco-first strategy. We typically check first with the Cisco product portfolio and then make up our minds. Historically speaking, it serves our interests best.

I am not involved firsthand in its deployment. We have an oversight role within our company, so we ask our external supplier to do the implementation, and when needed, to have it validated via Cisco, but I've no real hands-on experience.

I would expect that we have seen an ROI because our sourcing department would make sure we get the best price for the solution.

Licensing is quite difficult to get your head around. My biggest challenge is to understand the details, the inner relations. Luckily, to some extent, we have enterprise agreements, but licensing for me is a real black box.

I'd rate it an eight out of ten.

As a manufacturing company, we have to use many different concepts of firewalls. That's one reason we had to use a trusted firewall for security and trust reasons.

We use a top-down architectural level mostly. For this reason, Cisco Secure Firewall is the top product for us.

I would say that this solution has saved our organization's time because we are certified engineers and experts. It helps us to connect quite well with our customers on a professional level.

The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI.

I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box.

I have been using this solution for around seven or eight years.

I've used different concepts of solutions before Cisco. Cisco is much better than Juniper, Brocade, or Foundry, as it is much easier to use and get directions from. It is also easier to integrate Cisco if you compare it with other customer concepts, such as Juniper, Brocade, or Aruba.

I am not involved in all Cisco firewall deployments. We also have an architectural team. We deploy based on a top-down level architecture and implementation structure.

When it comes to pricing, quality is important to us. When looking at products, we prefer quality over speed. Cisco is on that quality side mostly.

We are currently using the Cisco Firepower firewall, which is dependent on the situations in the data center and regional data center concepts. 

The way that this solution helps secure our infrastructure end-to-end is by enabling us to easily integrate all end-to-ends for monitoring.

Whether this solution saves us time depends on the situation. We use highly secure networks on the national security level and that's why it helps to use different products as Cisco is one of the best.

Overall, I would rate this solution a nine, on a scale from one to ten, with one being the worst and ten being the best.

Our primary use case for Cisco Secure Firewall is protection in our OT network. We have our OT network behind the commercial network and we do dual firewalls. The Cisco Secure Firewall is on the commercial network side and a different vendor and management group are on the OT network side.

Cisco Secure Firewall has not necessarily improved our organization as much as it has protected it against the impact of cyber threats. Our organization runs manufacturing plants that have hazardous material and we don't want that manufacturing process to be impacted by break-in exposure and cyber threats.

Cisco Secure Firewall is a good solution. In some ways, it is a reactive solution and we have it sitting in a whitelist mode rather than a blacklist mode. It seems to work fairly well for us.

It would be better if we could manage all of our firewalls as a set rather than individually. I would like to see a single pane of glass type of option. We also use another vendor's firewalls and they have a centralized management infrastructure that we have implemented. This infrastructure is a bit easier to manage.

We have used Cisco Secure Firewall for probably 10 years.

Cisco Secure Firewall has been a very stable solution for us. In general, if you keep it up to date and do sensible management on it, it will be a very stable solution.

Cisco Secure Firewall has met our scalability requirements as far as traffic and management goes.

We have an excellent account team and they go to bat for us inside of Cisco. We have access to TAC and Smart Net and that all seems to be working out very well. Cisco has a good team in place.

We did not previously use a different solution for this particular use case. 

I was not involved in the initial deployment of the solution. 

In this specific use case, the biggest return on investment is that we do not have incidents. This ultimately – in some of our factories – ends up being a health and human-safety use case.

We have all smart licensing and that works well. 

We ultimately chose Cisco Secure Firewall because it came with a strong recommendation from one of our strong partners.

My advice to those evaluating the solution right now is this: understand what you're trying to protect and what you're trying to protect it from. Also, understand how the solution is managed.

Cisco Secure Firewall has not necessarily freed up our staff's time as much as it has secured the infrastructure and the OT network behind it. Cisco Secure Firewall was not built as a time-saver. It is not a cost solution. It is a solution meant to isolate and control access to and from a specific set of infrastructure.

Cisco Secure Firewall has not helped us consolidate tools and applications. It allows us to get access. What we're seeing more and more of is business systems like SAP looking to get access to OT systems and this is how our systems get that way.

Cisco Secure Firewall requires the sort of maintenance that any software product would: updates, asset management, etc. Worldwide, we probably have 30 to 40 people managing the solution on the OT side on the various sites and then probably 10 to 15 people on our account team with our outside partner.

We mainly use it for ICS security.

We definitely feel more secure. We have more control over things going in and out of our network.

Cybersecurity has been our top priority because of the last few attacks on our peers in the oil and gas industry.

The IPS solution helps us to not only navigate north-south traffic, but also east-west traffic.

Third-party integrations could be improved.

Not everything works out-of-the-box. Sometimes, you have to customize it to your needs. 

I have been using it for two years.

It is stable for the most part.

There is maintenance needed for software, firmware, and updates. Three or four people keep up with the updates, etc. 

It is pretty scalable. We can add as many devices as we want.

The technical support is good. I would rate them as 10 out of 10.

Positive

We previously had a different platform. We wanted to converge multiple platforms into one.

I switched companies. So, I have more experience with Palo Alto.

We saw immediate benefits after deployment from having more control and visibility.

Pretty much everything is included in the price for what we are using.

We looked at Check Point, Palo Alto, Fortinet, and a bunch of others. The management and support for the CIsco product is better.

Listen to your customers and see what their needs are.

The whole stack provided by Cisco is a holistic solution for cybersecurity experts, like myself, and companies who are looking to secure their network.

You should partner up with a good team to view all products available, which cater and are customized to your needs.

We haven't found any gaps where it is lacking.

I would rate this product as eight or nine out of 10.

We use it to control the traffic between our inside and outside networks. 

We use the same firewall for the vendor by creating an IPv6 HyperSec VPN between the company and the vendor. 

It is a security solution. We needed to protect our traffic from the outside to inside. That is why we are using this firewall.

Cisco ASA is pretty good. We use it for Layer 3 and as our main firewall, protecting the entire organization. All our Internet traffic goes through it.

Their CLI is pretty good. 

In order to do an upgrade, we need to upload the software to the firewall, then upgrade the secondary and do a failover. Uploading this software into the firewall is old technology. For example, if you look at the Cisco Meraki firewall, you can schedule the software upgrade. Whereas, here we can't.

Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause.

I have been using the Cisco ASA firewall for the last four years.

It is pretty stable. I haven't seen many issues during the past four years.

It has the scalability to replace the firewall with a higher model number.

The scalability meets our needs and future needs.

The technical support is really good. If we open up a case, they are pretty good. As soon as we open up a case, they assign a case manager. Also, they have an engineer on call. I would rate them as nine out of 10.

Positive

They had this firewall when I joined the company.

We also have Palo Alto that we use as a firewall for Layer 2.

I haven't really used the GUI features that much.

We have not integrated with any other Cisco solutions yet, but we have been thinking about integrating with Cisco Umbrella.

I would rate the solution as eight out of 10.

We primarily use the solution for the various firewalls.

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

I've been using the solution since about 2003, when I originally implemented it.

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.