No more typing reviews! Try our Samantha, our new voice AI agent.
it_user1639512 - PeerSpot reviewer
Practice Lead at IPConsul
Video Review
Real User
Aug 1, 2021
Very easy to filter in and out on east-west or north-south traffic
Pros and Cons
  • "The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
  • "We are implementing Cisco Firepower at the Inter-VRF level so we can have some segmentation, and between ACI and all the Inter-VRF being done through Firepower, we are able to inspect local east-west traffic and really work towards segmentation in terms of routing in Firepower."
  • "I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
  • "I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower."

What is our primary use case?

We have multiple use cases for Cisco Firepower. We have two types of use cases:

  • Protect the perimeter of the enterprise.
  • Inter-VRF zoning and routing. 

The goal is to have some Firewall protection with a Layer 7 features, like URL filtering, IPS, malware at the perimeter level as well as inspecting the traffic going through that firewall, because all traffic is encrypted. We want visibility, ensuring that we can protect ourselves as much as we can.

In production, I am currently using Cisco Firepower version 6.7 with the latest patch, and we are starting to roll out version 7.0.

I have multiple customers who are running Cisco Firepower on-prem. Increasingly, customers are going through the cloud, using Cisco Firepower on AWS and Azure.

How has it helped my organization?

We are implementing Cisco Firepower at the Inter-VRF level so we can have some segmentation. For example, between ACI and all the Inter-VRF being done through Firepower, we are able to inspect local east-west traffic. It is great to use Cisco Firepower for segmentation, because on the Firepower, we now have a feature called VRF. So, you can also expand the VRF that you have locally on your network back to the firewall and do some more tweaking and segmentation. Whereas, everything was coming into a single bucket previously and you had to play around with some features to make sure that the leaking of the prefixes was not advertised. Now, we are really working towards segmentation in terms of routing in Firepower.

The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.

Since SecureX was released, this has been a big advantage for Cisco Firepower. You can give a tool to a customer to do some analysis, where before they were doing it manually. So, this is a very big advantage. 

What is most valuable?

The IPS is one of the top features that I love.

The dashboard of the Firepower Management Center (FMC) has improved. The UI has been updated to look like a 2021 UI, instead of what it was before. It is easy to use and navigate. In the beginning, the push of the config was very slow. Now, we are able to push away some conflicts very quickly. We are also getting new features with each release. For example, when you are applying something and have a bad configuration, then you can quickly roll back to when it was not there. So, there have been a lot of improvements in terms of UI and configuration.

What needs improvement?

We saw a lot of improvements on Cisco Firepower when Snort 3 came along. Before, with Snort 2, we were able to do some stuff, but the bandwidth was impacted. With Snort 3, we now have much better performance.

I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.

Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,257 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cisco Firepower for multiple years, around four to five years.

What do I think about the stability of the solution?

In terms of Firepower's stability, we had some issues with Snort 2 CPUs when using older versions in the past. However, since using version 6.4 until now, I haven't seen any big issues. We have had some issues, just like any other vendor, but not in terms of stability. We have had a few bugs, but stability is something that is rock-solid in terms of Firepower.

What do I think about the scalability of the solution?

Cisco Firepower scalability is something that can be done easily if you respect the best practices and don't have any specific use cases. If I take the example of one of my customers moving to the cloud, there is one FMC and he is popping new Firepower devices on the cloud, just attaching them to the existing policy and knots. This is done in a few minutes. It is very easy to do.

How are customer service and support?

When you open a ticket with Cisco tech support for Cisco FMC, you can be quite confident. Right away, the engineer onboarding is someone skilled and can help you out very quickly and easily. This is something that is true 90% of the time. For sure, you always have 10% of the time where you are fighting to get the right guy. But, most of the time, the guy who does the onboarding can right away help you out.

How was the initial setup?

The initial setup and implementation of Cisco Firepower is very easy. I am working with a lot more vendors of firewalls, and Cisco Firepower is one of the best today. It is one of the easiest to set up.

The minimum deployment time depends on really what you want to do. If you just want to initiate a quick setup with some IPS and have already deployed FMC, then it takes less than one hour. It is very easy. 

What takes more time is deploying the OVA of Cisco Firepower Management Center and doing all the cabling stuff. All the rest, it is very easy. 

If you are working without a Firepower Management Center and using Firepower Device Manager with Cisco on the cloud, then it is even easier. It is like the Meraki setup, where you just plug and play everything and everything will be connected to the cloud. It is very easy.

If you configure Cisco Firepower, it has to be based on Cisco's recommendations. You can view all the traffic and have full visibility in terms of applications, support, URL categorization, and inspect malware or whatever file is being exchanged. We also love to interconnect Cisco Firepower with some Cisco ISE appliances so we can do some kind of threat containment. If something is seen as a virus coming in from a user, we can directly tell Cisco ISE to block that user right away.

What about the implementation team?

I am working for a Cisco Professional Services Partner. We have only one guy deploying the devices. We don't require a big team to deploy it. In terms of configuration, it takes more people based on each person's skills because you have multiple areas: firewalls, IPS, knots, and routing. So, it depends on which skills will be required the most.

For maintenance on an average small to medium customer, it takes one to two people. When it is a big customer with multiple sites, you should have a small team of four to five people. This is because it is mostly not about creating the rules, but more about checking and analyzing the logs coming through Cisco Firepower Manager Center.

What was our ROI?

Whether Cisco Firepower reduces costs depends on the architecture that you are on. I had some of my customers answer, "Totally, yes," but for some of them that is not really true.

What's my experience with pricing, setup cost, and licensing?

When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today.

Which other solutions did I evaluate?

I have worked with Palo Alto, Fortinet, and Sophos. I work a lot more with Palo Alto and Cisco Firepower. I find them to be very easy in terms of management operations. Fortinet is also a vendor where we see the ease of use, but in terms of troubleshooting, it is more complex than Firepower and Palo Alto. Sophos is the hardest one for me to use.

I love the IPS more on the Cisco Firepower, where you can do more tweaking compared to the other solutions. Where I love Palo Alto and Fortinet more compared to Firepower is that you still have CLI access to some configs instead of going through the UI and pushing some configs. When you are in big trouble, sometimes the command line is easier to push a lot more configs than doing some clicks and pushing them through the UI.

Compared to the other vendors, Firepower requires more deep dive skills on the IPS stuff to make it work and ensure that you are protected. If you go with the basic one in the package, you will be protected, but not so much. So, you need to have more deep dive knowledge on the IPS to be sure that you can tweak it and you can protect yourself.

Another Cisco Firepower advantage would be the Talos database. That is a big advantage compared to other solutions.

In terms of threat defense, we have a feature of TLS 1.3 that is free where we can see applications without doing any SSL inspection, which can increase the performance of the firewall without doing some deep dive inspection. At the same time, we keep some visibility of what application is going through. Therefore, we have a win-win situation if one wants to protect against some specific applications.

What other advice do I have?

Do not just look at the data sheet that vendors are publishing. Sometimes, they make sense. But, in reality, these documents are made based on specific use cases. Just do a proof of concept and test every single feature. You will find out that Cisco Firepower is much better and more tweakable than other solutions.

When you start using Cisco Firepower Management Center, you need a few days to get used to it. Once you know all the menus, it is kind of easy to find your way out and analyze traffic, not only in terms of the firewall but also in terms of IPS or SSL decryption. Different users are split away who can help you to troubleshoot what you want to troubleshoot, not having everything in one view.

Today, the only use cases that we have for dynamic policies are leveraging the API on Cisco FMC to push some config or change the config. There isn't a feature built automatically on the FMC to build a new policy, so we are leveraging APIs.

I would rate Cisco Firepower between eight and nine. The only reason that I am not giving a full nine is because of the Snort 3 operations, where there is a need for improvement.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
WaleedAboda - PeerSpot reviewer
Senior Security Engineer at a financial services firm with 501-1,000 employees
Real User
Top 20
Jul 8, 2024
Provides IPS intrusion prevention, anti-malware, and anti-spam
Pros and Cons
  • "The important features are IPS intrusion prevention, anti-malware, and anti-spam."
  • "The initial setup is easy, but it takes some time to push the configurations. Also, it's a little complicated and not friendly to use."

How has it helped my organization?

Cisco Secure Firewall has impacted our cybersecurity cost efficiency.

What is most valuable?

The important features are IPS intrusion prevention, anti-malware, and anti-spam.

What needs improvement?

Cisco firewall needs experience with hardware. They should also enhance security antivirus, application detection, user detection, and ID detection. 

For how long have I used the solution?

I have been using Cisco Secure Firewall for three years.

What do I think about the scalability of the solution?

300 users are using this solution.

How are customer service and support?

The support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is easy, but it takes some time to push the configurations. Also, it's a little complicated and not friendly to use. It is good only for IT and experienced people. 

The deployment took two months and a team of two to three people.

What's my experience with pricing, setup cost, and licensing?

The pricing is average.

What other advice do I have?

I recommend the solution to medium and enterprise customers since it is expensive. 

Overall, I rate the solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
July 2026
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,257 professionals have used our research since 2012.
Karthik Venkataraman - PeerSpot reviewer
Senior Consultant at Velocis Systems
Real User
Mar 26, 2024
Enables us to have network segmentation
Pros and Cons
  • "Network segmentation is the most valuable feature."
  • "The dashboard can be improved."

What is our primary use case?

Our use for Cisco Secure is for the firewall. 

What is most valuable?

Network segmentation is the most valuable feature.

What needs improvement?

The dashboard can be improved. 

For how long have I used the solution?

I have been using Cisco Secure Firewall for seven years. 

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. A thousand-plus users are using the solution in my company. 

How was the initial setup?

The initial setup is straightforward. 

What's my experience with pricing, setup cost, and licensing?

Pricing is high.

What other advice do I have?

Overall, I rate the product an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
PeerSpot user
Akshit Chhokar - PeerSpot reviewer
Technical Solutions Specialist - Networking at Google
MSP
Mar 8, 2024
Offers good reliability and great integration capabilities
Pros and Cons
  • "The product offers good scalability."
  • "The product's user interface is an area with certain shortcomings where improvements are required."

What is our primary use case?

I use the solution in my company for some internal testing purposes, so I don't use it in a real environment. I use it in my dummy lab environment.

What needs improvement?

The product's user interface is an area with certain shortcomings where improvements are required.

From an improvement perspective, the product's price needs to be lowered.

For how long have I used the solution?

I have been using Cisco Secure Firewall for three years. I am a customer of Cisco.

What do I think about the stability of the solution?

I have faced no issues with the stability of the product. Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

The product offers good scalability.

How are customer service and support?

I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with Sophos.

How was the initial setup?

The product's initial setup phase is a little difficult.

The product's deployment phase is a good and easy process.

The solution is deployed on the cloud.

What's my experience with pricing, setup cost, and licensing?

The product is expensive.

What other advice do I have?

I can't describe a particular scenario where the product has improved security, but I can say that the devices from Cisco are much more trustworthy and reliable compared to other devices in the market.

The most effective feature of the product for threat prevention stems from the granularity of the control that the devices from Cisco provide to its users.

The product offers great integration capabilities.

For our company's daily operations, the user interface provided by Sophos is much better and interactive compared to the one offered by Cisco.

You can choose Sophos if you want a low-budget or budget-friendly product. You can choose Cisco if you want a high-end and highly scalable tool with great integration capabilities, especially if budget is not an issue.

I rate the overall tool an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Critical Infrastructure at Wintek Corporation
Real User
Jun 25, 2023
Offers high availability infrastructure along with access to excellent customer support
Pros and Cons
  • "The high-availability features, the VPN and the IPSec, are our top three features."
  • "We would really like to see dual dual power supplies for some Cisco Firewall products."

What is our primary use case?

Our primary use cases lie mainly with high availability and the security features available doing Layer 3 routing that we would need on our internal network.

How has it helped my organization?

It has simplified the internal network, so we don't have to worry about one device failing and losing connectivity. High availability is always there.

What is most valuable?

Our top three features are the high-availability features, the VPN and the IPSec.

It has fantastic visibility. It's a 10 out of 10. 

Cisco Secure Firewall is fantastic at securing our infrastructure from end to end so we can detect and remediate threats. We have already caught things that have tried to get in. 

Cisco Secure Firewall has improved resilience by a huge margin. It has been a great help.

Cisco Secure Firewall has freed staff because we don't have IT staff worrying about a lot of the threats. We trust the device that we are going to catch the threat. We are going to get a notification and be able to act upon that. Cisco Secure Firewall has saved at least 25 hours a week

The newer versions have made it so that we do not have to worry about other appliances with feature sets that are already built into the Cisco firewall.

The solution has had a huge effect, especially from physical density when it comes to securing our infrastructure. A lot of people don't think about power availability and cooling aspects. You have a limit to how much power you can push, and every little bit helps. 

We chose Cisco because of its understanding, customer service, warranties, and the quality of the product

What needs improvement?

We would like to see dual power supplies for some Cisco Firewall products. Having to get an ATS in the Data Center application because there's an A+B power feed on such a vital device with high availability may be something that I want to put in there.

For how long have I used the solution?

We have been using Cisco Firewall for the last 20 years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is scalable because Cisco keeps up with new technology, the security application, bandwidth, optics, and the kind of speed that one can use.

How are customer service and support?

Customer support has been very responsive, whether it is a hardware failure or calling for any kind of technical support.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a return on investment in the total cost of ownership.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair compared to competitors. Cisco is the Cadillac in its field. You get what you pay for. 

What other advice do I have?

Cisco is amazing at upgrading, so even if we did have to upgrade a device, it is plug-and-play because of that availability option.

Cisco is doing a great job with all the improvements that are coming; they are allowing for GUI setups where many people aren't so used to CLI. Many of the younger grads coming into our field are more used to APIs and automation, so having that GUI feel is a lot better than CLI.

I rate the solution a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer2212515 - PeerSpot reviewer
Network Engineer at a healthcare company with 10,001+ employees
Real User
Jun 22, 2023
Fantastic reliability, easy to understand, and works very well for policy-based VPN
Pros and Cons
  • "Being able to use it as a policy-based VPN is valuable. It's very easy to understand. It's very easy to troubleshoot."
  • "For what we use it for, it ends up being the perfect product for us, but it would help if they could expand it into some of the other areas and other use cases working with speeding up and the reliability of the pushes from the policy manager."

What is our primary use case?

We mainly use it for policy-based VPNs to IPSec one of the businesses. We also use it as a firewall solution for remote VPN users. We have vendors who have access to our VPN solution, and they get a dedicated network.

How has it helped my organization?

We can automate the VPN. The build process and how we've standardized it makes it very easy for us to focus on other tasks. We know that an end user can push a button, and the VPN will get built. They only bring us in for troubleshooting or higher-level issues with the other vendor. Because of that program, the ability to use Cisco ASA every time, in the same way, makes our job easy.

Once we started standardizing and using the same solution, we've been able to correlate that so we know what we are doing. We can train even less experienced and newer guys to do the tasks that in turn frees up the higher-level engineers. It has cut out the VPN work for higher-level engineers. They may have been spending ten hours a week previously, and now they may spend ten hours in the quarter.

It has improved our cybersecurity resilience. It has allowed us to see some differences with partners using weaker ciphers, which allows us to validate what we're using and reevaluate it. We put exceptions in cases where we have to. The security risk team is as well aware of those, and they can essentially go back on a buy-in or see if the vendor has upgraded to plug in a security hole. It has given us that visibility to see where we are weak with our vendors.

What is most valuable?

Being able to use it as a policy-based VPN is valuable. It's very easy to understand. 

It's very easy to troubleshoot. It may be because I'm comfortable with it or because I've used it for so long, but it's easy to use for me. I don't have any problems with how to set it up or use it.

What needs improvement?

For what we use it for, it ends up being the perfect product for us, but it would help if they could expand it into some of the other areas and other use cases working with speeding up and the reliability of the pushes from the policy manager.

For how long have I used the solution?

We've been using Cisco ASA at least for the last six years. That's how long I've been in this organization, but my organization has been using it longer. 

What do I think about the stability of the solution?

We don't open bugs for it. It just works for what we've used it for. The last time we opened up an ASA bug would have probably been three years ago. From a reliability standpoint of what we're using it for, it's fantastic.

What do I think about the scalability of the solution?

We've had no problems with scaling our business. We went from using probably 200 active VPNs an hour to over 600 VPNs without blinking an eye at that.

How are customer service and support?

I enjoy Cisco's tech support. Just like any tech support out there, you could get a great or fantastic engineer, or you may get somebody who has just learned, so you just have to work with it. However, working with Cisco TAC, you find less of that than you do with other companies. 

Just to give them a shout-out, whenever we hit the Australian TAC, they're absolutely fantastic. Sometimes I feel that we should wait our hours when we open a ticket just so that we get one of them. They know their stuff. They absolutely do, so whoever they're hiring there, they got to keep that up and spread that out. I'd rate them a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've worked with Check Point's firewall, and I've worked with Palo Alto's firewall. Things like packet capturing and packet tracing that I can manipulate to pretend I'm doing traffic through the firewall are a lot easier to do with ASAs than with other products.

We have other firewalls in our environment. We still use Palo Alto. We do have a little bit of a mix with Palo Alto in our environment, but in terms of VPN specifically, the way that Palo Alto does route-based VPN by default doesn't flow well with most people out there. It works great with cloud providers. Cisco can do route-based VPNs too. We have a route-based VPN solution with Cisco as well. We just use an ISR for that instead of a firewall.

How was the initial setup?

I've been part of the deployment. Specifically, how NATTING and the firewalls work, that part is not difficult at all, but there are some challenges when you take any product and manipulate the order of operations, but that's not a Cisco challenge. You're pairing different information. There are some tools that usually try to help with those conversions, but most of the time, I find it just easier to develop what you need and just build it from scratch.

What about the implementation team?

We implemented it on our own.

What was our ROI?

We've seen an ROI in terms of our high-level engineers having to work less on the product. I've been able to provide it to the NOC because of the use of the solution. They see value in that.

What's my experience with pricing, setup cost, and licensing?

Pricing is more for my leadership, but I give them the quotes, and if they approve, they're happy. They've never wavered, so I wouldn't say it's out of the realm where they're considering another product. It must be in the direct price range for our leadership to not blink an eye when we give it to them.

What other advice do I have?

To those evaluating this solution, I'd say that it's a solid product. It works. It does what we need. It gives us peace of mind to sleep at night. I'd definitely put it up there with some of the other firewalls to consider.

I'd rate Cisco ASA a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Solutions Architect at Acacia Group Company
Real User
Jun 19, 2023
An easy to configure solution that can act as a VPN concentrator
Pros and Cons
  • "The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs."
  • "Changes you make in the GUI sometimes do not reflect in the command line and vice versa."

What is our primary use case?

We mostly use Cisco Secure Firewall as a VPN concentrator and for its firewall features.

How has it helped my organization?

Using Cisco Secure Firewall has helped grow our familiarity with people that know Cisco.

What is most valuable?

The most valuable feature of Cisco Secure Firewall is its ease of configuration and that it's scalable for firewalls and VPNs.

What needs improvement?

Changes you make in the GUI sometimes do not reflect in the command line and vice versa.

For how long have I used the solution?

We have been using the solution since its inception, so, for many years now.

What do I think about the stability of the solution?

We did not have any stability issues with Cisco Secure Firewall.

What do I think about the scalability of the solution?

We did not see any limitations with Cisco Secure Firewall’s scalability.

Which solution did I use previously and why did I switch?

We also use Aruba in our organization. We never have to factor in extra development time when we go to a new major version of Cisco. With Aruba, we have a pretty drawn-out development timeline for any upgrades or software improvements. Aruba and Cisco Secure Firewall are very different in their implementation and development.

How was the initial setup?

The initial setup of the Cisco Secure Firewall is very straightforward. The average time it took to deploy the solution was very short. Deploying the VM and automating our configurations took a couple of minutes.

What's my experience with pricing, setup cost, and licensing?

Cisco smart licensing is a hassle for a disconnected environment. However, I haven't licensed anything in a while. There have been many changes, making it easier to license disconnected devices connected to the internet.

What other advice do I have?

ASAv uses the solution as a VPN concentrator and a firewall because it could be used for both. It can be used for landing AnyConnect clients on ASAv and as a firewall.

What sets Cisco Firewall apart from other products is that when we do an update, we know we're not going to break a lot of things, and there are not a lot of bugs. The integration on the Cisco side is pretty good.

Most of our team is familiar with Cisco, and everyone knows what to expect when they log in. So it's easy in that way.

I like the application visibility and control with Cisco Secure Firewall. My only complaint is that the changes made in the GUI sometimes do not reflect in the command line.

I haven't had any problems with Cisco Secure Firewall. It's very straightforward and reliable. Also, it's trustworthy because it has the Cisco name.

Cisco Secure Firewall has helped free up our IT staff for other projects. The product is quite heavy into automation. So with it being Cisco, it is very scalable in generating configs. The solution saves a week or two for implementation and integration.

Cisco Secure Firewall has helped our organization improve its cybersecurity resilience through the reliability aspect.

You know what you're getting when you use an ASAv from Cisco. Cisco Secure Firewall is a great product in terms of reliability and scalability.

Overall, I rate Cisco Secure Firewall ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer2212524 - PeerSpot reviewer
Network Engineer at a construction company with 1,001-5,000 employees
Real User
Jun 18, 2023
Is reliable, enhances cybersecurity resilience, and provides visibility into our network
Pros and Cons
  • "Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users."
  • "The cloud does not precisely mimic what is on-premises."

What is our primary use case?

We use Cisco Secure Firewall for remote VPN.

How has it helped my organization?

Cisco Secure Firewall played a crucial role in enabling all our users to establish remote connections from their homes.

Cisco Secure Firewalls' application visibility and control are beneficial because they provide a management console that allows us to view logging and sessions.

It enhances our organization's cybersecurity resilience by enabling us to deploy multiple instances of it both in Azure and on-premises. This redundancy ensures that in the event of an outage or any other issues, we can seamlessly switch to alternative locations.

What is most valuable?

Cisco Secure Firewall is reliable, which is why we opted for it during the pandemic for our remote users.

What needs improvement?

The cloud does not precisely mimic what is on-premises. There are some new challenges with the features in Azure. Due to Azure limitations, we cannot synchronize configurations between an active standby. This aspect makes it difficult to perform such tasks in the cloud, requiring manual intervention.

For how long have I used the solution?

I have been using Cisco Secure Firewall ASA for ten years.

What do I think about the stability of the solution?

In my current role, I have not encountered any stability issues.

What do I think about the scalability of the solution?

Cisco Secure Firewall is scalable.

How are customer service and support?

Cisco's technical support is excellent, and its personnel are knowledgeable. I consistently receive prompt and satisfactory responses from them. However, there are occasions when we need to reach out to them for feedback follow-up.

How would you rate customer service and support?

Positive

How was the initial setup?

We encountered some issues with the deployment because we run on Azure now. 

What's my experience with pricing, setup cost, and licensing?

Although I am not directly involved in dealing with the pricing aspect of the Cisco Secure Firewall, I know that the licensing has improved over the years.

What other advice do I have?

I rate Cisco Secure Firewall a nine out of ten.

The Cisco Secure Firewall is not a remediation tool but rather designed for secure remote sessions.

We use the same ASAs for firewall functionality as we do for VPN functionality.

Our organization is currently considering Palo Alto as an alternative to Cisco. However, I am not involved in the decision-making process.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2212530 - PeerSpot reviewer
Systems Engineer at a engineering company with 5,001-10,000 employees
Real User
Jun 18, 2023
A ubiquitous and easy-to-deploy product with a good support team
Pros and Cons
  • "The solution is pretty easy to deploy."
  • "I would like to see an IE version of the solution where it is ruggedized."

What is our primary use case?

I'm a design consultant. We primarily use the product to secure various client networks, major infrastructure, highways, and urban surveillance.

What is most valuable?

The solution is pretty easy to deploy. It is pretty ubiquitous too, so it is easy to get. It pretty much does the job we need it to do.

What needs improvement?

I would like to see an IE version of the solution where it is ruggedized. Most of what we do is infrastructure based on highways. Now that the product has a hardened switch, the only thing left in our hubs that isn't hardened is probably the firewall. It would be nice to pull the air conditioners out of the hubs.

For how long have I used the solution?

I have been using the solution for 20 years.

What do I think about the stability of the solution?

I've never had a stability problem with firewalls.

What do I think about the scalability of the solution?

The solution seems to be very scalable. I probably don't have much experience with scalability because, by the nature of how our networks work, we don't scale them; we just add another one.

How are customer service and support?

Support is very good. I've never had a problem with any form of support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used only a couple of other products over the years due to client preference. In general, Cisco Secure Firewall is easier to deploy mostly because of the depth of personnel trained in it. Every other product seems to be a niche thing that two people know, but Cisco once again seems ubiquitous throughout the industry. Our customers choose Cisco for various reasons, from cost to a preference for Cisco. It meets the task that they need to meet. It's really the spectrum.

How was the initial setup?

The deployment is pretty straightforward. It's the same as deploying any other Cisco equipment. If you know what you're doing, it's not a huge deal.

What was our ROI?

I believe our clients have seen an ROI. Their networks are more secure. Various agencies have tested a few of them to prove it, and they've proven okay. Since they weren't attacked, they have received an ROI.

What's my experience with pricing, setup cost, and licensing?

The licensing is not so bad. The solution’s pricing could be lower. It's not horrible, though.

What other advice do I have?

The application visibility and control are pretty good. It seems to do everything we've ever needed it to do. I've never asked the product to do something that it couldn't do. The solution has been pretty successful at securing our infrastructure from end to end. Most of our client’s staff have reported that the product is not as maintenance intensive as they would like. They never had to deal with maintenance before, but now they do. We deploy new systems for our clients.

I haven't had much experience with Cisco Talos directly. I know it's there, but I haven't really been involved. I haven't experienced it, which I believe is a good thing. It's doing its job if I don't have to get involved with it. The product has definitely helped improve our organization’s cybersecurity resilience. We weren't secure at all before, and we are a known target since we’re based in infrastructure. The solution has been very helpful in providing security.

It is a good product. I would definitely look into it. There is great value in going to a partner to a reseller to deploy the product. They understand the equipment and have expertise. Normally, they're local, so local knowledge is always useful. They have done deployments before, so sometimes they know tips or tricks that aren't in the manuals.

People evaluating the solution should give it a look. Definitely, it is worth taking a look at it.

Overall, I rate the product a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Networking Project Management Specialist at Bran for Programming and Information Technology
MSP
Apr 9, 2023
Highly reliable, quick device replacements, and responsive support
Pros and Cons
  • "Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial."
  • "In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial."

What is our primary use case?

To safeguard our clients' system data and related aspects, we rely on Next-Generation Firewalls as a system integrator. In particular, we use Cisco Secure Firewall for enhanced security measures.

We have provided our services to the National Information Center in Riyadh, which is a government database. They installed Cisco Secure Firewall systems and have given us positive feedback, which is why most of the areas prefer to use Cisco. To date, we have not received any negative feedback from our clients regarding any issues, such as hacking. Everything has been secure, and I hope it stays that way in the future.

What is most valuable?

Our company operates in Saudi Arabia, primarily working with government sectors. If any hardware malfunctions, the defective device is removed, and we receive a replacement from the reseller. We have not encountered any issues related to delays in receiving replacements for malfunctioning devices which has been beneficial.

What needs improvement?

In today's world, cyberattacks have become a common occurrence. However, so far, we have not faced any issues with our systems. I hope the situation remains the same in the future. If Cisco introduces even more advanced security measures, it would be beneficial.

One of the major issues we face in the Middle East is the long delivery time for Cisco products. Currently, they are taking almost 10 months to deliver, which is much longer compared to before when we received the products within 70 to 80 days or even two to three months. For instance, we recently placed an order that has a delivery date in the middle of 2024. This delay is unacceptable as customers cannot wait that long, and they may opt for other alternatives, such as Huawei, Juniper, or HPE. Therefore, Cisco needs to improve its delivery time and ensure that they deliver products within a reasonable timeframe, as it did before.

For how long have I used the solution?

I have been working with Cisco Secure Firewall for more than 10 years.

What do I think about the stability of the solution?

We have not encountered any stability issues. The only issue we faced was with another company that did not have proper cooling systems in their data center.

What do I think about the scalability of the solution?

The scalability of the Cisco Secure Firewall is excellent.

How are customer service and support?

A few years ago, we faced an issue with some of our devices in Saudi Arabia, and we reached out to Cisco for assistance. They responded promptly and repaired our devices within the given time frame. While the delivery time for their solutions in the Middle East may be longer, Cisco still delivers their solutions on time, whether it's for repair or new orders. Even if the delivery time is up to a year, Cisco ensures that our products are provided on time.

I rate the support from Cisco Secure Firewall a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

As a system integrator, our primary focus is not on selling products, but rather on providing comprehensive solutions to our customers, starting from scratch and ensuring everything runs smoothly. In this regard, we rely heavily on Cisco devices, including switches, routers, code devices, NK, Nexus, 7000, and 9000. We also use other Cisco products, such as IP phones and access points. In Saudi Arabia, Cisco is the most popular brand in the market, but its popularity is declining due to prolonged delivery times. Customers cannot afford to wait a year, and this is the primary reason for the decline in demand.

What's my experience with pricing, setup cost, and licensing?

The prices of Cisco Secure Firewall are competitive, especially for us as Cisco partners. We purchase the products directly from Cisco as a gold partner, which allows us to obtain better pricing than we would get from normal distributors or the local market.

What other advice do I have?

Our current company, SNC ICT, is already a Cisco Gold Partner. We are actively involved in investing, purchasing, and selling Cisco products to our customers, as well as performing installations, configurations, and providing other related services.

In the Middle East, most people with a budget opt for Cisco. However, I do not have any information about the preferences in Europe, South Asia, or Asia.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.