System programmer 2 at a government with 10,001+ employees
Has versatile, flexible policies and packet captures that help debug connections
Pros and Cons
- "The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
- "I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
What is our primary use case?
We use it to protect our DMZs and externals, to protect our network from our other city partners who manage their own networks to which we have direct connections, like VPNs, and to manage the security parameters between inside and outside connectivity and vice versa.
How has it helped my organization?
Cisco Firepower NGFW Firewall was introduced as a migration of many firewalls into one. Just having one firewall with one place of security and one place to look for your packets has really helped.
What is most valuable?
The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.
The security correlation events and the network map help me to drill down on a host at will.
I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.
Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.
What needs improvement?
I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, that don't talk to each other, and that really annoys me.
They should either build an application or get away from the web. They need to do something that's uniform and more streamlined.
We have a multi-person firewall team, and I can't look at a policy while somebody else is in it. It'll kick me out. I might be working on something that the other guy has to modify. I know that in the next versions they will be dealing with it with a soft lock, but it should've already been there.
One of Cisco's strengths is the knowledge depth of their staff. The solutions engineer we worked with knew the routing and each protocol. If he didn't know something, he would reach out to someone else at Cisco who did. He would even talk to a developer if he needed to.
Buyer's Guide
Cisco Secure Firewall
June 2025

Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Firepower for about three years.
What do I think about the stability of the solution?
There are some stability issues. We ran Check Point for years and didn't have problems with the firewall itself. However, with Firepower, in the past two years, we've had two major crashes and a software bug switchover.
We were debugging NAT rules. I did a show xlate for the NAT translation, and the firewall rebooted itself.
It has only been three instances in two years, but when I compare the stability to that of Check Point, it seems higher. Check Point just seemed to run.
What do I think about the scalability of the solution?
We have about 8000 end users. Scalability-wise, it's already handling a large amount of traffic.
How are customer service and support?
I like that Cisco's technical support will help me recover the firewall when everything falls apart. I'd give them a nine out of ten. They've really been consistently good, and they go after the problem.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Check Point and Fortinet. We switched from Check Point because it was unsupported, and we wanted to move to a next-generation firewall.
We went to Fortinet, and when we switched over, it caused a huge network outage. The Cisco engineers helped fish us out of that. Our GM at the time preferred Cisco, and we switched to Cisco Firepower NGFW Firewall.
How was the initial setup?
Setting up the machines was straightforward, but exporting was complex. That is, it wasn't a complex deployment as far as the hardware goes. It was more of a complex deployment as far as transferring all the rules go because of our routing architecture.
Firepower is our main interface out to the outside world. We have about eight DMZs that are interface-based. You can do a logical DMZ or you can have an interface and a logical DMZ. We have about eight that are on interfaces. Then, we have our cloud providers and the firewall. We have rules so that our cloud providers can't ingress into our network.
I've found that Firepower does need a lot of maintenance. It needs a lot more software updates than other solutions. We have three people to maintain the solution.
What about the implementation team?
For the deployment, we had about 18 team members including firewall administrators, Cisco firewall engineers, and techs.
What's my experience with pricing, setup cost, and licensing?
The licensing scheme is completely confusing, and they need to streamline it. They have classic licensing and a new type of licensing now. Also, the licensing for the actual firewall is separate from the one for TAC support.
What other advice do I have?
My advice to leaders who want to build more resilience within their organizations is that they should help make policies. Leaders don't want to make policies; they don't want to put their names on policies or write policy documents. I as a firewall administrator am the one saying what the policy should be. I tell them what should happen, and sometimes, they resist.
Also, because the system is just too big to really manage without TAC, you would need TAC along with Firepower.
My advice would also be to go with HA or a cluster up front and not to be cheap. You really need to go in with a robust solution up front.
I would rate Firepower an eight on a scale from one to ten because the firewall and tech support together make it a very robust solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Network Engineer at a tech vendor with 5,001-10,000 employees
Provides us with a critical piece of our in-depth security stack
Pros and Cons
- "The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
- "One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."
What is our primary use case?
We have the Cisco 5585-X in our data center for perimeter security, internet protection, and for applications behind Cisco ASA DMZs. The challenges we wanted to address were security and segregating the internal networks and the DMZs.
How has it helped my organization?
Security-wise, it's given us the protection that we were looking for. Obviously, we're using an in-depth type of design, but the Cisco ASA has been critical in that stack for security.
What is most valuable?
The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot. As a troubleshooting tool, Packet Tracer is one of the things that I like. It comes up in all my interviews. When I want to figure out if someone knows how to use the ASA, I ask them about use cases when they use the Packet Tracer.
What needs improvement?
One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time. There was a time I was using what I think was called CMC, a Cisco product that was supposed to manage other Cisco products, although not the ASA. It wasn't very stable.
The controller is probably the biggest differentiator and why people are choosing other products. I don't see any other reason.
For how long have I used the solution?
I've used the Cisco ASA going back to the 2014 or 2015 timeframe.
What do I think about the stability of the solution?
The ASA has been very stable for us. Since I deployed the ASA 5585 in our data center, we've not had to resolve anything and I don't even recall ever calling TAC for an issue. I can't complain about its stability as a product.
Our Cisco ASA deployment is an Active-Standby setup. That offers us resilience. We've never had a case where both of them have gone down. In fact, we have never even had the primary go down. We've mainly used that configuration when we're doing code upgrades or maintenance on the network so that we have full network connectivity. When we're working on the primary, we can switch over to the standby unit. That type of resiliency works well for our architecture.
How are customer service and support?
TAC is good, although we've had junior engineers who were not able to figure things out or fix things but, with escalations, we have eventually gotten to the right person. We also have the option to call our sales rep, but we have never used that option. It seems like things are working.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In the old days, we used Check Point. We did an evaluation of the Cisco ASA and we liked it and we brought it on board.
At that time, it was easy for our junior operations engineers to learn about it because they were already familiar with Cisco's other products. It was easier to bring it in and fit it in without a lot of training. Also, the security features that we got were very good.
How was the initial setup?
The one we deployed in the data center was pretty straightforward. I also deployed the Cisco ASA for AnyConnect purposes and VPN. I didn't have to call TAC or any professional services. I did it myself.
What about the implementation team?
We used a Cisco reseller called LookingPoint. I would recommend them. We've done a lot of other projects with them as well.
What was our ROI?
It's a great investment and there's a lot of value for your money if you're a CSO or a C-leader. As an engineer, personally, I have seen it work great wonders for us. When we're doing code upgrades or other maintenance we are able to keep the business going 100 percent of the time. We have definitely seen return on our investment.
What's my experience with pricing, setup cost, and licensing?
I don't look at the pricing side of things, but from what I hear from people, it's a little pricey.
Which other solutions did I evaluate?
At the time, we looked at Juniper and at Palo Alto. We didn't get a feeling of confidence with Palo Alto. We didn't feel that it offered the visibility into traffic that we were looking for.
What other advice do I have?
We use Cisco AnyConnect and we've not had any issues with it. During COVID we had to scale up and buy licenses that supported the number of users we had, and we didn't have any problems with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Engineer at a university with 1,001-5,000 employees
Its cybersecurity resilience has been top-notch and paramount for our organization
Pros and Cons
- "Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch."
- "I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do."
What is our primary use case?
We pretty much use it as our edge firewall and data center firewall.
We have a colocation that is the center for all our campuses. That is where our edge firewall is. We use that for VPN as well, and it was a great thing during the pandemic because we were already ready to go with VPN. We didn't have to do anything extra on that part.
How has it helped my organization?
The solution has really enabled us to ensure our university is secure.
Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.
What is most valuable?
The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.
What needs improvement?
I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do.
For how long have I used the solution?
I have been using this solution for five years.
What do I think about the stability of the solution?
I would rate the stability as 10 out of 10.
We do maintenance for software updates, etc. I don't think we have had any major hardware failures.
What do I think about the scalability of the solution?
We haven't had to really scale up too much.
How are customer service and support?
The technical support is excellent. Every time that we have ever had an issue, we got a result very quickly. I would rate them as nine out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have always had ASA since I have been at the company. The ASAs were in place and we have upgraded to newer ASA Next-Generation Firewalls.
What's my experience with pricing, setup cost, and licensing?
I am not a huge fan of Cisco licensing in general. However, I wasn't really involved with the pricing. That decision was made a little higher than me.
Which other solutions did I evaluate?
We are in the middle of an upgrade to the newer Firepowers.
We have used Palo Alto for another solution and they have a better firewall. It is a whole new GUI to learn. With Palo Alto, you simply get one code, then that is your firewall. With the newer Firepowers, there are two or three different ways that you can run it. So, we currently have our data center running in ASA code, then we are doing it a different way with our edge ASA. My supervisor has complained about all the different ways that the new hardware can be configured and installed.
What other advice do I have?
Stay more up-to-date with equipment. The old equipment is what will get you, e.g., leaving Windows 7 machines on your network or 15-year-old switches.
Heavily research what can do cluster mode, HA pairs, etc. That is where we ran into the "gotchas". You have to run it in certain ways to have it clustered and run it another way to have it as an HA pair.
I would rate ASA Firewall as nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Network Engineer at a manufacturing company with 1,001-5,000 employees
The VPN solution works much better than our previous solutions
Pros and Cons
- "So far, it has been very stable."
- "The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be."
What is our primary use case?
We are using it for border firewalls, VPN access, and site-to-site VPN tunnels.
It is deployed at a single location with about 2,500 users.
What is most valuable?
So far, the remote VPN access has been a perfect solution for our company.
What needs improvement?
The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be.
For how long have I used the solution?
I have been using it for five years.
What do I think about the stability of the solution?
So far, it has been very stable.
It does require maintenance. There is a team of two who manage it.
What do I think about the scalability of the solution?
We haven't scaled it much at this point.
How are customer service and support?
The technical support has been good so far. I would rate them as eight out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The VPN solution works much better than our previous solutions.
We previously used Palo Alto. The switch was driven by Cisco's pitch.
How was the initial setup?
It was fairly straightforward. We stood it up side by side with our existing firewalls. We did some testing during an outage window, then migrated it over.
What about the implementation team?
We used a partner, CDW, to help us with the deployment. Our experience with CDW was good.
Internally, it was just me for the deployment.
What's my experience with pricing, setup cost, and licensing?
The pricing seems fair. It is above average.
What other advice do I have?
Take the time to really learn it, then it becomes a lot easier to use.
I would rate the solution as eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Analytical Engineer at a pharma/biotech company with 10,001+ employees
Keeps away threats trying to come into my organization
Pros and Cons
- "With the pandemic, people began working from home. That was a pretty big move, having all our users working from home. More capacity needed to be added to our remote VPN. ASA did this very well."
- "It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."
What is our primary use case?
We are using it for our VPN. We have a remote VPN and then a VPLS connection. Overall, it is a pretty big design.
We were looking for an opportunity to integrate our Firepower with Cisco ASA.
We mainly have these appliances on the data center side and in our headquarters.
How has it helped my organization?
It did help my organization. The firewall pretty much covers most stuff. They have next-gen firewalls as well, which have more threat analysis and stuff like that.
The firewall solution is really important, not just for our company, but for every organization. It keeps away threats trying to come into my organization.
With the pandemic, people began working from home. That was a pretty big move, having all our users working from home. More capacity needed to be added to our remote VPN. ASA did this very well.
What is most valuable?
The most valuable features are the remote VPN and site-to-site VPN tunnels.
I use the solution to write policies and analyze the data coming in via the firewalls.
What needs improvement?
It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.
I would like to see more identity awareness.
For how long have I used the solution?
I have been using it for over six years.
What do I think about the stability of the solution?
The stability is pretty good. They are keeping up the good work and making updates to the current platform.
How are customer service and support?
The support is good. They have been there every time that we need them. I would rate them as nine out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used Check Point and Palo Alto. We are still using those but for more internal stuff. For external use, we are using the Cisco client.
How was the initial setup?
The initial deployment was straightforward. We have worldwide data centers. For one data center, it took three days from design to implementation.
What about the implementation team?
It was a self-deployment. It took eight people to deploy.
What's my experience with pricing, setup cost, and licensing?
It was pretty good and not expensive on the subscription side. Cisco is doing a good job on this.
Which other solutions did I evaluate?
We also evaluated Zscaler, which is more cloud-based. It was pretty new and has a lack of support on the system side.
What other advice do I have?
They have been keeping up by adding more features to the next-gen and cooperating with other vendors.
I would rate this solution as nine out of 10. It is pretty good compared to its competitors. Cisco is doing well. They have kept up their old traditional routing and fiber policies while bringing on new next-gen features.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Engineer at Utah Broadband
It is secure and very reliable
Pros and Cons
- "The TAC is always very helpful. We pay for Tier 1 support, so we get whatever we need from them. They always give us a solution. If they can't give us an answer that day, they get back to us within at least 24 hours with a solution or fix. I have never had a problem with the TAC. I would rate them as 10 out of 10."
- "We wanted to integrate Firepower with our solution, but it didn't have the capability to accommodate our bandwidth since they only had two 10 gig interfaces on the box. We run way more than that through our network because we are a service provider, providing Internet to our customers."
What is our primary use case?
We use it as a security solution. It is our firewall.
We run three data centers and have three ASAs at each data center.
What is most valuable?
It is pretty user-friendly and straightforward to use.
It is secure and very reliable.
I like the heartbeat between the two devices that we have. Because if something fails, it immediately fails over.
For how long have I used the solution?
I have been using ASAs for 15 years at two different companies.
What do I think about the stability of the solution?
Cybersecurity resilience has been outstanding because it is very stable. There are not a whole lot of upgrades that we need to do for the firmware.
Four engineers support it. From time to time, there are firmware upgrades that we need to keep up to date with. Sometimes, we need to run debugs to figure out what's going on with it, and if it needs a patch, then we will figure it out. Usually, Cisco has been really good about getting us that.
What do I think about the scalability of the solution?
Scalability is actually pretty exponential. In the grand scheme of things, we are a small network. We only have 15,000 subscribers. However, if we need to expand, it is reasonable.
How are customer service and support?
The TAC is always very helpful. We pay for Tier 1 support, so we get whatever we need from them. They always give us a solution. If they can't give us an answer that day, they get back to us within at least 24 hours with a solution or fix. I have never had a problem with the TAC. I would rate them as 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We haven't really used anything different. The only thing that we run inline with Cisco ASAs is Barracuda Networks. We kind of run that in tandem with this firewall, and it works really well.
Which other solutions did I evaluate?
We wanted to integrate Firepower with our solution, but it didn't have the capability to accommodate our bandwidth since they only had two 10 gig interfaces on the box. We run way more than that through our network because we are a service provider, providing Internet to our customers.
What other advice do I have?
Do your homework and know what you are doing. Know how to use your product, stay current, and hire smart people.
I would rate the solution as eight out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Systems Engineer at a healthcare company with 201-500 employees
Defends the perimeter, and new Management Center web interface is great
Pros and Cons
- "IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
- "A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud."
What is our primary use case?
For our customers, Firepower is a classic perimeter firewall. Sometimes it's also for branch connections, but for those cases, we prefer Meraki because it's simpler. If a customer has Meraki and requires advanced security features, we will offer Firepower as a perimeter solution for them. Meraki is for SD-WAN and Firepower is for the perimeter.
Firewalls are not a new technology but they have a very distinct role in an enterprise for defending the perimeter. Firepower is for organizations that have traditional infrastructures, rather than those that are heavily utilizing cloud services. For us, the clients are government agencies and ministries, and we have a lot of them as our customers in Latvia.
What is most valuable?
Most firewalls do the same things, more or less. Because we have to compete with other vendors, it's the things that are different that are important. With Cisco, it's the security intelligence part. It's quite simple to configure and it's very effective. It cuts down on a lot of trouble in the early phases.
IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors.
I also like that, in recent years, they have been developing the solution very quickly and adding a lot of new, cool features. I really love the new web interface of Cisco Secure Firewall Management Center. It looks like a modern web-user interface compared to the previous one. And the recent release, 7.2, provided even more improvements. I like that you have the option to switch between a simplified view and the classic view of firewall policies. That was a good decision.
What needs improvement?
A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud. Other vendors find ways to make it work differently than with on-prem solutions.
This is very important because we have customers that build solutions in the cloud that are like what they had on-prem. They have done a lift-and-shift because it's easier for them. They lift their on-prem physical boxes and shift them to the cloud, convert them to virtual, and it continues to work that way. Many times it's not the most efficient or best way to do things, but it's the easiest. The easiest path is probably the way to go.
For how long have I used the solution?
I have been using Cisco Firepower NGFW Firewalls for four or five years now, but before that, I worked with ASA Firewalls a lot. It was just a transition. I have been using Firepower almost from day one.
We are an integrator and we resell as well as provide professional services. We do everything from A to Z.
What do I think about the stability of the solution?
There are a lot of things that can be improved. As a Cisco partner, I usually take the first hit if something doesn't work. In recent years, the solution has improved and is more stable. But it has to continue to improve in that direction.
A Firepower firewall is a very important point of exit and entry to a network. It's a critical piece of infrastructure. They should have high availability.
By comparison, I am also a huge fan of Stealthwatch (Cisco Secure Network Analytics) and I use it everywhere. I've been working with that solution for 15 years but it's not mission-critical. If it doesn't work, your boss is not calling you. If it doesn't work, it is not collecting telemetry and it doesn't do its job, but you are not stressed to fix it. With firewalls, it's a little different.
How are customer service and support?
Tech support really depends on how lucky you are. It depends on when you create a TAC case and in which time zone the case is created. That determines which part of TAC takes ownership of your case. I have had a few unpleasant cases but, at the end of the day, they were resolved. I didn't feel like I was alone in the field with an angry customer.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We made a gradual transition from ASA to Firepower because they first had this as Sourcefire services. That is what we used to install first for our customer base. Then Firepower defense appliances and firmware came out. It was a natural process.
How was the initial setup?
My view may be a little bit biased because I do a lot of Cisco deployments, and I have a lab where I play all the time. But overall the deployment is not too complicated.
The deployment time depends on what type of deployment you have. If it's a physical deployment, it may be a little bit faster because you don't have to set up virtual machines. But I recently had a project in AWS, and I used Terraform Templates and it was easy. I still had to configure some additional things like interfaces, IP addresses, and routing.
Because I know where everything is in the UI, the deployment is okay. One thing I miss a little bit is being able to configure things, like routing, via the command line, which is how it used to be done with the ASA Firewalls. But I understand why they've taken that ability away.
With ASA Firewalls, even when you were upgrading them, the experience was much better because it didn't have those advanced Snort features and you could usually do an upgrade in the middle of the day and no one would notice. You didn't have any drops. With Firepower, that's not always the case.
What's my experience with pricing, setup cost, and licensing?
It's hard to talk about pricing when you compare firewalls because firewall functionality is almost the same, regardless of whether it's a small box or a large box. The difference is just the throughput. Leaving aside things like clustering, what you have to look at are the throughput and the price.
Cisco's pricing is more or less okay. In other areas where we work with Cisco solutions, like other security solutions and networking, Cisco is usually much more expensive than others. But when it comes to firewalls, Cisco is cheaper than Check Point although it is not as cheap as FortiGate. But with the latest improvements in hardware and speed, the pricing is okay.
To me, as a partner, the licensing is quite simple. I'm responsible for providing estimates to my sales guys and, sometimes, as an architect, I create solutions for my customers and give them estimates. There are other Cisco solutions that have much more complicated licensing models than Firepower. In short, the licensing is quite okay.
Which other solutions did I evaluate?
Not all of our customers use Cisco and that means we have competition inside our company with Check Point. We also made some attempts with Palo Alto Firewalls, long before we became Cisco partners, but somehow it didn't work for us.
I enjoy working with Cisco because it's more of a networking-guy approach. It reminds me a lot of all the other Cisco equipment, like their switches and routers. The experience is similar.
I haven't worked a lot with Check Point firewalls, but I like how they look. What I don't really like is the way you configure them because it's very different from what networking guys are used to doing. I'm not saying it's bad, it's just different. It's not for me. Maybe it appeals more to server guys. Cisco has a more network-centric approach.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller/partner
Security Network Architect at Inmac
Has an easy installation process, but the integration capabilities with various applications need improvement
Pros and Cons
- "The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation."
- "Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance."
What is our primary use case?
Cisco Secure Firewall is a next-generation firewall that can be used for various security applications.
What is most valuable?
The advantage of using Cisco is its integration within the Cisco fabric, which allows for effective threat detection and mitigation.
What needs improvement?
Cisco could improve its score by developing more features that integrate seamlessly with various applications and investing in hardware acceleration to enhance performance.
What do I think about the stability of the solution?
The product is stable with minimal glitches or latency issues.
How was the initial setup?
The solution is easy to install, requiring minimal expertise. Deployment time varies, but it can take about two days for a medium-sized company with 200-300 users to configure and install.
What was our ROI?
After five years of product usage, the high return on investment and low total cost of ownership can be observed.
What's my experience with pricing, setup cost, and licensing?
Pricing depends on partnerships and certifications. The engineering team's certifications can qualify it for seven to eight percent discounts.
What other advice do I have?
The platform's integration capabilities depend on the project context. In some cases, integrating Palo Alto may provide better performance, but Cisco can still be effective.
However, its classification in industry comparisons, such as those from Gartner, is lower than that of competitors like FortiGate and Palo Alto.
Overall, I rate it seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Updated: June 2025