Cisco Secure Firewall Reviews

Our primary use case for this solution is to protect data from unauthorized access.

The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.

The IPS is a must for a firewall.

The firewall throughput is limited to something like 1.2 Gbps, but sometimes we require more. Cisco makes another product, Firepower Threat Defence (FTD), which is a dedicated appliance that can achieve more than ten or twenty gigabits per second in terms of throughput.

I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.

This is a reliable solution.

We started with version 5.4, but there were many releases available on the website and we were obliged to aggregate, step by step, to reach the current version.

This solution is really scalable and reliable. In my opinion, Cisco products are always scalable.

Cisco has a very good team for support. They are always available, and they give you a flexible solution. It is not just about getting a solution. We are learning, as well, when we request assistance. They also have a knowledge base that we can access in order to find resolutions for problems.

We were using the SonicWall solution prior to this one, but it reached end-of-life because we had updated our architecture. This is why we migrated to a next-generation firewall. We had also been using Fortinet FortiGate.

The initial setup of this solution was a bit complex because it was a new technology for us. We did find documentation on the vendor's website, and it also helped that we found some videos on how to do the configuration.

Our initial deployment took approximately three months because we were learning from scratch. We still had some service requests open because we could not fine-tune the solution, and ultimately it took a full year to fully deploy.

This solution is managed by the qualified people in our network engineering team. 

We tried to deploy this solution by ourselves, but our team was not quite qualified to implement this solution. It was a good opportunity for us to learn about it. 

We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months. In terms of licensing, this product costs a lot, but this cost can save my assets that could be millions for my company. There is no choice.

We did have knowledge of other products, but we chose this solution because it facilitates the sharing of information with their knowledge base. It helps you learn from scratch.

My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets.

This is a very good solution but it is not perfection.

I would rate this solution a nine out of ten.

I am a banker. I'm working in the bank and our equipment is mostly based on Cisco for the moment. We have some incoming projects to deploy from Fortigate to firewalls.

Cisco ASA is that something I used when I was preparing for my CCNP exams. I've been using it on the incoming project that we want to do right now. 

It is easy to deploy Cisco ISP solution in the bank I'm working in, i.e. Cisco Identity Services Engine. We're already used Cisco ISSO. 

I have three Cisco ASA modules:

1. Security for perimeters
2. Security for data centers
3. Data center recovery

I have been using Cisco ASA since I've been at the bank for more than two years now. The model is 5515X. I have two modules of 5515X and the third one is the old 55105. 

My primary use of Cisco ASA is to take advantage of all the features. I use it to enforce security policy and also to take advantage of the Firepower module.

I have a firewall module on my two instances of 5515X. On the Firepower side, I use all features on Firepower modules that are included in the AMP.

The biggest improvement has been in the internet features. We have been asked to prohibit internet access for all users except the bank services division and that is improved. 

For AMP features, we use Cisco ASA to track traffic in inbound and outbound patterns, so we can set expectations for network traffic. I also used the exception for encrypted traffic. 

One problem: Before installing encrypted traffic, I had to decrypt it first. Before setting it back, I encrypt it again. That's just the way Cisco ASA functions.

I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. 

Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.

• All my change requests are for Cisco ASA to work more on ease of management. 
• All of the features of Cisco ASA are used by all of the other vendors on the market. 
• The firewall solutions are all based on the same network equipment. 

The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.

The installation and integration of Cisco ASA with Firepower can be improved. I used Fortigate as well and I can say that Fortigate's features are more usable. 

The management with Fortigate is easier than Cisco ASA on Firepower. The management side of Cisco ASA can be improved so it can be more easily configured and used.

The stability of the Cisco ASA platform is okay. I know that Palo Alto is the first rated one, followed by Fortinet.

The scalability is based on module support. We have a stand-alone version. It is not 100% applicable to talk about scalability at this point. 

There is another Cisco ASA module available that is more scalable than ours. For the module I have, the stand-alone, the scalability is not as good as on the higher model. 

The 5585 model, allocated for data center security, can be facilitated into the switching spot or the working spot in our data center. We can recommend the scalability there. 

For the module I have, I'm using it as a stand-alone. I don't think it is scalable too much at this point. 

I'm using Cisco ASA in my organization to support about 150 staff. For maintenance, I do all of the work myself.

I do everything if you need a Cisco ASA solution to be deployed for an infrastructure requirement. We are just a team of three. There is just me and my colleagues. 

I'm in charge of all the infrastructure system, including the network and security infrastructure. On all tasks related to the system security and network infrastructure, I'm in charge of it.

I had to work with Cisco customer support two or three times, a long time ago. I had to work with them based on a problem with my call manager. We had a good ability to work together with Cisco customer support. It was normal. 

They asked about the information on the installation. I had to upload it to them. They took that and came back to my problem with the results. I had a good experience with them.

I didn't use a different solution in my bank, but on some other enterprise jobs, I used some unique firewall solutions. 

Since I have been at the bank, only Cisco ASA has been deployed. We just added two new modules. In the bank, we only use Cisco ASA solutions.

I will say Cisco ASA has a complex setup just based on the security policy we have to enforce (asked by the chief, the CIO). For me, it's not complex. 

Cisco ASA is not difficult because I am in it for a year so it's easy for me to understand. I have no problem on the technical side. I always manage to do what I'm asked to do on security-side enforcement. I have no problem with that. It's normal for me. 

It was 2 years ago that we were trying to deploy our facility equipment. We took advantage to deploy the Cisco ASA firewall (model 5515X). 

For now, it's the only one. Since then, we're using it in an upcoming project. I will have to deploy some Fortigate and Cisco ISL as well.

I don't have a technical problem implementing Cisco ASA. I am a double CCNNP and I'm preparing for my CCIE. On the technical side, I don't need help.

I had to work with external partners because they provide us with uptake equipment. They're available to follow up on the project with us. 

We just had to make some tests to deploy some labs. However, when it comes to configuring Cisco ASA for production, I was alone. 

On a security basis, we couldn't let the partner know the details of our address space. This is prohibited within our organization by security policies. 

I had to re-do everything from scratch. For this implementation of Cisco ASA & Firepowe, I was alone.

The licensing for Cisco ASA is on a yearly basis. We have to renew the Firepower module license. We are in the process of renewing this one. 

I just made the demand. They have the management who is charge asking about the price and payment terms on different offers. 

We are just a branch bank. The decision is not made here and the branches just have to follow the central policy.

Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency.

I would rate Cisco ASA with an 8 out of 10 points.

The primary use is that it manages all of our incoming and outgoing VOIP transmissions as well as data transmissions between our branches and our third-party bank processor. It has performed well.

The ASAs are very stable firewalls, and they've been very good at protecting our assets here at the bank. They have done exactly what they were purchased for. They have done a great job.

I've always looked at Cisco products as being the industry standard. They're wonderful at being able to lockdown and manage that. 

The only con that I have really seen with it is the reporting structure. FirePOWER is good. It has been a great help because, before that, it was not good at all. 

Three to five years.

The scalability is very good. We use the 5600 models and the lower 5000s. We were able to upgrade as needed. We added a ton of VPN tunnels to them and they handled all that traffic quite well.

Support has been very good, very professional, got right to the point. My third-party administrator got stuck on setting up some tunnels. We called ASA support and they walked him right through how to do it. That was good.

The third-party did all of the setup. I told him what I wanted and he set everything up and got the tunnels for us as well.

The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.

Talk to your peers in the industry, find out what they use and why, and then look at exactly what you're using it for. We changed a great deal of our infrastructure, adding a lot of extra tunnels, so that made a complicated product even harder to manage. Look at what you're comfortable in managing with their interface.

We start looking at upgrade cost, our constant licensing cost. I look at other products that rank very high in industry ratings. Now I'm looking at similar products that are a little bit easier to manage. That is another fault of the ASA. They're very complicated to manage, but that’s because they have so many features. It's a very feature-rich product.

When selecting a vendor the most important factors are

• Security - obviously that is number one because we are a financial institution
• stability of the vendor
• how the product is ranked in the market.

In terms of security, right now is a really tough time for us because, even as a smaller community bank, we’re targeted. We have huge targets on us right now from hackers. I have to have a product that is stable, that will hold up, from a reputable company. I'm looking at companies that are top-tier.

I would rate the ASA equipment itself a nine out of 10. The software and manageability would rate a seven and the reason for that is the complexity of it. It is extremely complicated, even for our Cisco-certified person who manages it for us.

• Site-to-site IPsec VPN
• Remote IPsec VPN
• Reverse route injection

Cisco Context gave us the feature of creating a virtual firewall, which is good. It provides us with maximum network isolation. Also impressive is the ISP redundancy.

WCCP, and URLs, in the Cisco ASA Context both need work. When changing from single mode to multiple mode or back, the commands must be done from the command line (CLI) and cannot be done via the ASDM GUI interface. ASA context should be able to support site-to-site VPN, but the current Cisco Context does not support VPN

I've used them for six years.

During the deployment of WCCP, we noted some loopholes like it only supports ports 80 & 443. Application which is running on multiple ports doesn't work with WCCP and to make it work we need to allow respective traffic outside the firewall.

Sometimes there is an issue with the site-to-site VPN.

In certain cases, like an any access-list, if we add a URL the Cisco ASA access-list does not resolve that URL while this can be done in Juniper, and Fortinet.

9/10.

9/10,

I have migrated some set-ups from Cisco to Juniper, but not from Juniper to Cisco.

We have multiple ASA firewalls for different clients now we migrated to Cisco Context.

It was done in-house.

It's 8/10.

If it is for a banking domain, your organisation should use Cisco which can assure better security than any other vendors' products. Also, they have the best documentation, reliability and support.

I use the solution mostly to separate internal networks.

Being able to create and apply new policies to the firewall has been helpful. It is an object-oriented way of doing things that helps a lot because we can build and apply new policies. We can also test it and revert to the old one if it doesn't work.

The monitoring dashboard is valuable to us for troubleshooting. It lets us see if the packets get from the source to the destination correctly.

With the new FTD, there is a little bit of a learning curve. The learning curve could probably be simplified a little bit. I've come around that learning curve, and I'm able to get around it.

I have been using the solution for 15 years.

Cisco is known for its general stability.

The solution’s scalability is excellent. I don't know if the scalability has a downside or even a limit.

The support is really good. I have a good team that supports us, and I'm able to always reach out to them. It's nice to have somebody on the cell phone and just be able to reach out to them.

Positive

Years ago, I used different firewalls like Juniper, but mostly, it's been fixed to ASA and FTD. We switched to Cisco because our customers were using Cisco.

The initial setup had a little bit of a learning curve, especially because I came from ASA. I needed some help from Cisco. However, I knew what I was doing once it was set up, especially with FMC and Firepower.

We used Cisco’s support to deploy the product.

In general, we have seen an ROI on the product. Using it, applying policies, setting it up, and leaving it alone is helpful. It helps save resources.

I don't use the product for application visibility and control. I tend to worry more about blocking or allowing certain things versus looking deep into the servers and applications and how they work.

The product is great for securing our infrastructure from end to end. I'd like to be able to test out some of the other products, like dashboards and IPS/IDS, that work with it. For the most part, I set up a firewall, and I set up the rules. If things don't work, I monitor it through the monitoring dashboard and try to figure it out.

Cisco Secure Firewall has helped free up a lot of time for our IT staff. Apart from monitoring, unless somebody needs a firewall rule change or anything like that, there's no need to mess with it. Once we set it up, it just runs.

The solution has helped our organization to improve its cybersecurity resilience. Being a firewall, by definition of the term, the product has improved our organization’s security.

People should always evaluate other products. If you’re looking for a solid firewall, Cisco makes the choice so much simpler, especially now with FMC. We are able to apply policies easily and control different firewalls at the same time.

Overall, I rate the solution a nine out of ten.

We use Cisco ASA and Firepower.

ASA is used for AnyConnect connections, that is, for users to connect to the office. It is very reliable and works fine.

We use Firepower in some sites as firewalls to control inbound/outbound access. We use it as a software protection layer. However, because most users are now working from home, few users need it in the office. As a result, in some places, we have switched to SD-WAN.

The network products help save time if they are well configured at the beginning. They help increase security and protect the company's data.

Firepower's user experience should be a little bit better.

I've been using Cisco Firepower for six months.

There are some hiccups here and there, but compared to the technical support from other vendors, I have had the best experience with Cisco's technical support. I would rate them at nine out of ten.

Positive

The initial setup was somewhat easy because we had previous experience with implementation. We copied that strategy or tried to align it to that implementation, but there were some challenges.

We have a hybrid cloud deployment. We have our own data centers and a lot of branches. In the data centers, most Cisco technologies start with ACI. With firewalls for big branches, we find that it's easier to break out to the internet globally rather than to use data centers.

Cisco's prices are more or less comparable to those of other products.

Compared to other vendors' firewalls, Cisco's firewalls are a bit behind. Overall, however, I would rate Cisco Firewall at eight on a scale from one to ten.

Our customers for the most part use this solution in data centers. 

The feature my customers find the most valuable is the exportability. They also appreciate that the IPS features are easily migrated from Cisco SA to FTDs. 

We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs. 

We have been using Cisco Secure Firewall for almost a decade. 

Cisco's support is much better than other vendors' support. In my opinion, this is a big advantage for Cisco. The support Cisco offers is upper-level. 

Positive

We previously sold Fortinet devices. However, many of our clients switched over to Cisco because of the price as they are quite cheap. 

We are in the middle of a migration plan to Cisco right now in our company. I am not directly involved. We are working with a Cisco partner but I have been communicating our needs to them. However, I believe the migration process will be smooth for our company. It is crucial to have a solid migration plan in place because we are a core data center, so we have to be careful. 

We are deploying with the help of a partner. 

We do see a lot of ROI from Cisco Secure Firewall. We are in the process of migrating a lot of end-of-support devices with some new ones and the return on investment is there.

Price is a big selling point for Cisco Secure Firewall. They are quite affordable and many clients chose them precisely for this reason. 

This solution helped my clients save money and time. My clients save 50% on time thanks to automation and processing brought on by this solution. 

I have only good things to say about Cisco Talos. It has been quite helpful to our customers.

We primarily use this firewall for IPS, IAM, threat defense, and NAT.

I am from the networking department.

We are using the Firepower Management Center (FMS) and the management capabilities are okay. I would not say that they are good. The current version is okay but the earlier versions had many issues. The deployment also takes a long time. It takes us hours and in some cases, it took us days. The latest version 6.6.1, is okay and the deployment was quick.

I have tried to compare application visibility and control against Fortinet FortiGate, but so far, I don't see much difference. As I try to determine what is good and what is bad, I am seeking third-party opinions.

The most valuable feature is the threat defense. This product works well for threat defense but for everything else, we use Cisco ASA.

This product has a lot of issues with it. We are using it in a limited capacity, where it protects our DR site only. It is not used in full production.

The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working. As a financial company, we have a lot of transactions and when the net suddenly stops working, it means that we lose transactions and it results in a huge loss.

We cannot research or test changes in advance because we don't have a spare firewall. If we had a spare then we would install the new firmware and test to see if it works, or not. The bottom line is that we shouldn't have to lose the network. If we upgrade the firmware then it should work but if you do upgrade it, some of the networks stop working. 

We have been using the Cisco Firepower NGFW Firewall for three years.

Cisco's technical support is the best and that's why everybody implements their products. But, when it comes to Firepower, we have had many delays with their support. For all of the other Cisco products, things are solved immediately.

Nowadays, they're doing well for Firepower also, but initially, there was no answer for some time and they used to tell us that things would be fixed in the next version. That said, when comparing with other vendors, the support from Cisco is good.

We use a variety of tools in the organization. There is a separate department for corporate security and they use tools such as RedSeal.

In the networking department, we use tools to analyze and report the details of the network. We also create dashboards that display things such as the UP/DOWN status.

We have also worked with Cisco ASA, and it is much better. Firepower has a lot of issues with it but ASA is a rock-solid platform. The reason we switched was that we needed to move to a next-generation firewall.

The initial setup was not easy and we were struggling with it.

In 2017, we bought the Firepower 2100 Series firewalls, but for a year, there was nothing that we could do with them. In 2018, we were able to deploy something and we had a lot of difficulties with it.

Finally, we converted to Cisco ASA. When we loaded ASA, there was a great difference and we put it into production. At the time, we left Firepower in the testing phase. In December 2018, we were able to deploy Firepower Threat Defense in production, and it was used only in our DR site.

We do our own maintenance and there are three or four of us that are responsible for it. I am one of the network administrators. We can also call Cisco if we need support.

From the perspective of return on investment, implementing the Firepower 2100 series is a bad decision.

Firepower has a very high cost and you have to pay for the standby as well, meaning that the cost is doubled. When you compare Fortinet, it is a single cost only, so Fortinet is cheaper.

Prior to Firepower, we were Cisco customers and did not look to other vendors.

Given the problems that we have had with Cisco, we are moving away from them. We are now trying to implement FortiGate and have started working with it. One thing that we have found is that the Fortinet technical support is very bad.

I would rate this solution a five out of ten.