Cisco Secure Firewall Reviews

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

In the past, I've worked with Check Point and Fortinet as well.

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

We're handing the implementation via our own in-house team.

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

We are using this solution for the site-to-site VPN tunnels and VPN Connections.

I like all of the features.

It is my understanding that they are in the process of discontinuing this device.

They are in the process of shutting down this ASA series and will continue with Firepower.

In the next release, it could be more secure.

I have been using Cisco ASA Firewall for six years.

We are not using the latest version.

It's a stable solution. I have not had any issues.

This product is scalable. We have 100 users in our organization.

We will not continue to use this solution. We will be upgrading to either Firepower or Check Point.

Technical support is perfect.

I was using Dell SonicWall before Cisco ASA Firewall.

The initial setup was straightforward. 

It's easy to install and it doesn't take a lot of time for the initial configuration.

It took an hour to install.

I completed the installation myself. We did not use a vendor or vendor team.

There are licensing costs.

I would not recommend this solution. The technology is old and they should move to Firepower or NextGen Firewall.

I would rate the Cisco ASA Firewall an eight out of ten.

The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

Three to five years.

The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

When selecting a vendor the most important factors are

• Security - obviously that is number one because we are a financial institution
• stability of the vendor
• how the product is ranked in the market.

In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

We use Cisco Secure Firewall in our own company for site-to-site VPN to access our customers and provide remote support.

We sell the solution to our customers as well. They use the ASA or FMC for dedicated networking, for example, the process network. That is, they dedicate the process network or ASA to the user network.

As a Cisco Secure reseller, I add value with my professional background, for example, in Cisco TAC, to my customers. We choose to sell Cisco Secure Firewall because of our partner status with Cisco.

The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic.

It also secures the internal network to allow specific client traffic or machine traffic.

Cisco Secure Firewall helped reduce our clients' meantime to repair by 40%. This is because they can easily segment the network. It's easy to troubleshoot because of micro-segmentation.

Cisco Secure Firewall should be easier to handle. It uses ASDM, which is not easy to understand. It would be better if there was direct access via HTTPS.

I have used this solution for around five years, but my company has been using it for 30 years.

Cisco's technical support for security is good. The support staff are professional and know what to do. I would give them an eight out of ten.

Positive

The deployment of the firewall is more difficult if you want to use all of the features. However, if you're using it only as a VPN, then it's a little bit easier to deploy.

Compared to Cisco Secure Firewall, other firewall solutions are easier to handle because they do not use ASDM. They have direct access via web browsers.

If you're considering Cisco Secure Firewall, take a look at what you want to use the firewall for and what kind of handling you prefer. If you prefer easy handling via browsers, then you may need to use another solution because ASDM is no longer the state of the art.

Overall, I would rate Cisco Secure Firewall at seven on a scale from one to ten.

The I add as a reseller is the professional background.

Our clients use Cisco Secure Firewall to protect them from data breaches. They also use it for site-to-site VPN connections and remote access.

The most valuable features are remote access, site-to-site VPN, and next-generation features.

The management of the firewalls could be improved because there are a lot of bugs.

I've been selling this solution for three years.

Most of our clients have deployed the solution on-premises and are slowly migrating to hybrid and to SaaS models.

When you configure it, it's very stable.

Cisco Secure Firewall is a scalable solution.

Cisco's technical support is good.

We used to sell Palo Alto firewalls and switched to Cisco because it was more cost-effective for clients.

As a Cisco reseller, I try to give our customers the best possible solutions for their problems.

The initial setup is straightforward for smaller organizations, but it can be complex when companies are larger.

Migrating certain components of a client's previous firewall configurations to Cisco Secure Firewall with the migration tool is simple, easy, and quick. However, it would be really nice if we could migrate complete ASA configurations to FTD with the migration tool and not just the policies and objects.

Maintenance-wise, we troubleshoot and make changes if required.

I deployed it myself with, and perhaps with one person from the client's end.

On a scale from one to ten, I would rate Cisco Secure Firewall at seven.

We use it to protect our DMZs and externals, to protect our network from our other city partners who manage their own networks to which we have direct connections, like VPNs, and to manage the security parameters between inside and outside connectivity and vice versa.

Cisco Firepower NGFW Firewall was introduced as a migration of many firewalls into one. Just having one firewall with one place of security and one place to look for your packets has really helped.

The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on.

The security correlation events and the network map help me to drill down on a host at will.

I really like the flexibility of the policies such as those you can use and the layer three policies with which you can block applications. It's really versatile. I like the security zones.

Cybersecurity resilience is our main focus right now. Because we're a government organization, everybody's really nervous about security and what the ramifications are. My device generates all the logs that our security team goes through and correlates all the events, so it's really important right now.

I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, that don't talk to each other, and that really annoys me.

They should either build an application or get away from the web. They need to do something that's uniform and more streamlined.

We have a multi-person firewall team, and I can't look at a policy while somebody else is in it. It'll kick me out. I might be working on something that the other guy has to modify. I know that in the next versions they will be dealing with it with a soft lock, but it should've already been there.

One of Cisco's strengths is the knowledge depth of their staff. The solutions engineer we worked with knew the routing and each protocol. If he didn't know something, he would reach out to someone else at Cisco who did. He would even talk to a developer if he needed to.

I've been using Firepower for about three years.

There are some stability issues. We ran CheckPoint for years and didn't have problems with the firewall itself. However, with Firepower, in the past two years, we've had two major crashes and a software bug switchover.

We were debugging NAT rules. I did a show xlate for the NAT translation, and the firewall rebooted itself.

It has only been three instances in two years, but when I compare the stability to that of CheckPoint, it seems higher. CheckPoint just seemed to run.

We have about 8000 end users. Scalability-wise, it's already handling a large amount of traffic.

I like that Cisco's technical support will help me recover the firewall when everything falls apart. I'd give them a nine out of ten. They've really been consistently good, and they go after the problem.

Positive

We previously used CheckPoint and Fortinet. We switched from CheckPoint because it was unsupported, and we wanted to move to a next-generation firewall.

We went to Fortinet, and when we switched over, it caused a huge network outage. The Cisco engineers helped fish us out of that. Our GM at the time preferred Cisco, and we switched to Cisco Firepower NGFW Firewall.

Setting up the machines was straightforward, but exporting was complex. That is, it wasn't a complex deployment as far as the hardware goes. It was more of a complex deployment as far as transferring all the rules go because of our routing architecture.

Firepower is our main interface out to the outside world. We have about eight DMZs that are interface-based. You can do a logical DMZ or you can have an interface and a logical DMZ. We have about eight that are on interfaces. Then, we have our cloud providers and the firewall. We have rules so that our cloud providers can't ingress into our network.

I've found that Firepower does need a lot of maintenance. It needs a lot more software updates than other solutions. We have three people to maintain the solution.

For the deployment, we had about 18 team members including firewall administrators, Cisco firewall engineers, and techs.

The licensing scheme is completely confusing, and they need to streamline it. They have classic licensing and a new type of licensing now. Also, the licensing for the actual firewall is separate from the one for TAC support.

My advice to leaders who want to build more resilience within their organizations is that they should help make policies. Leaders don't want to make policies; they don't want to put their names on policies or write policy documents. I as a firewall administrator am the one saying what the policy should be. I tell them what should happen, and sometimes, they resist.

Also, because the system is just too big to really manage without TAC, you would need TAC along with Firepower.

My advice would also be to go with HA or a cluster up front and not to be cheap. You really need to go in with a robust solution up front.

I would rate Firepower an eight on a scale from one to ten because the firewall and tech support together make it a very robust solution.

We use it for VPN access for our two-factor authentication. We were looking to get access through AnyConnect, to gain access to devices behind boundaries and firewalls.

It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.

AnyConnect has been very helpful, along with the ability to use LDAP for authentication. It's very robust and we are able to do many different things that we were looking to do.

The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other.

I have been using Cisco ASA Firewalls for 20 years.

The stability is very good. It has been a very stable environment. Since the new AnyConnect came out, it's been very easy to use and very much self-sufficient.

You can vary scalability from very few users to thousands of users.

Technical support has been very helpful at times, helping us to know what bugs and what things are getting fixed in the next releases.

Positive

As an architecture team, we had a pretty good idea of what we wanted to do and how we wanted to do it, so it was pretty straightforward and easy. We have each one across many different avenues and many different boundaries, so each one took about a day to deploy.

We needed two to three people to deploy them and another one to go over some things to make sure everything was good to go.

There is routine maintenance, keeping it up to date and making sure the licensing versions are all good to go. We have a four-man team for maintenance and they work a regular shift of eight hours.

We used a reseller, FedData. Our experience with them was good.

It took us about six months to see benefits from our ASA Firewalls. We've seen return on our investment in terms of the timeframe of downtime, and the ability to get users connected faster and more easily has been a big benefit.

The pricing of the products isn't terrible. They're not too expensive. They're a little more expensive than other products, but you are getting the name, the company, and the support.

It's also nice that you can buy different avenues of licensing, depending on how you want to go about using them.

We buy a support license to get support if we have any issues or problems or need help on how we want to implement things.

We evaluated other options, but that was a long time ago. We went with Cisco because it is so robust as well as because they have been able to integrate their solutions into many different architectures. That makes their products easier to use.

Each use case is different and things depend upon your cost analysis and how much you need. We have these firewalls in different avenues over about 30 different sites.

The biggest lesson from using the solution is being agile which has included learning to understand how to use the ASDM and figuring out how to configure everything—the little nuances—and what can and can't be done on the CLI.

These firewalls, along with the upcoming Firepower that they're being replaced by, are going to be very good assets for two-factor authentication and VPN access.

We are using it for security on everything from small customers to big data centers.

It is stable. We saw benefit from this in just a few days.

Cisco AnyConnect is my favorite. It is awesome. It also exists on Firepower and newer things.

Cisco ASA is starting to get old and Firepower is taking over. All the good things happening are with Firepower. Everything that I could wish for is in Firepower. We will probably not be doing too many new installations of ASAs since Firepower is mostly taking over.

I have been using it for 15 to 20 years.

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

The solution's scalability is very good.

We use it on customers who have two employees up to customers with 5,000 employees. It is also used for customers who have one site or several sites. It is all over the place

Cisco tech is always good and helpful. I would rate them as 10 out of 10.

Positive

I didn't use another solution previously.

All our deployments have been different. Some have been really easy and others have been really complex. It could go either way: some are complex and some are easy. The complex solutions could take days or a couple of weeks to deploy. Easy solutions take a day.

If it was a big project, there would be a pre-project identifying what we were going to do and making a plan for it, then we would realize that plan. If it was a smaller thing, we would just jump into it.

It was deployed in-house. Depending on the solution and its complexity, it could take a single person to a team of 20 people to deploy it.

Our return on investment is having a network that we don't need to think too much about. It works, and that is it.

Cisco is always expensive, but you get what you pay for. It is expensive for a reason. It is a good solution, and good solutions cost money.

AnyConnect is an extra license. If you want the IDS/IPS things, those are usually extra too.

I evaluated Check Point, Palo Alto, and Fortinet, but Cisco won the race. Since we were already running most of our other networking with Cisco, it felt natural to land on Cisco.

I would rate the solution as 10 out of 10.