Cisco Secure Firewall Reviews

Our primary use case for this solution is to protect data from unauthorized access.

The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.

The IPS is a must for a firewall.

The firewall throughput is limited to something like 1.2 Gbps, but sometimes we require more. Cisco makes another product, Firepower Threat Defence (FTD), which is a dedicated appliance that can achieve more than ten or twenty gigabits per second in terms of throughput.

I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.

This is a reliable solution.

We started with version 5.4, but there were many releases available on the website and we were obliged to aggregate, step by step, to reach the current version.

This solution is really scalable and reliable. In my opinion, Cisco products are always scalable.

Cisco has a very good team for support. They are always available, and they give you a flexible solution. It is not just about getting a solution. We are learning, as well, when we request assistance. They also have a knowledge base that we can access in order to find resolutions for problems.

We were using the SonicWall solution prior to this one, but it reached end-of-life because we had updated our architecture. This is why we migrated to a next-generation firewall. We had also been using Fortinet FortiGate.

The initial setup of this solution was a bit complex because it was a new technology for us. We did find documentation on the vendor's website, and it also helped that we found some videos on how to do the configuration.

Our initial deployment took approximately three months because we were learning from scratch. We still had some service requests open because we could not fine-tune the solution, and ultimately it took a full year to fully deploy.

This solution is managed by the qualified people in our network engineering team. 

We tried to deploy this solution by ourselves, but our team was not quite qualified to implement this solution. It was a good opportunity for us to learn about it. 

We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months. In terms of licensing, this product costs a lot, but this cost can save my assets that could be millions for my company. There is no choice.

We did have knowledge of other products, but we chose this solution because it facilitates the sharing of information with their knowledge base. It helps you learn from scratch.

My advice to anybody who is considering this solution is not to think twice about it. There are a lot of features that come with the cost. These institutions secure our network and they have to do research. The price of this solution is justified when you consider that it secures our network and protects our valuable assets.

This is a very good solution but it is not perfection.

I would rate this solution a nine out of ten.

We primarily use this solution for network security.

This product has increased the visibility in our network.

The most valuable feature of this solution is its ability to integrate vertically.

There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there. In order to accomplish the same thing you now have to wade through lots of information in the Syslogs.

This is a highly stable solution.

This solution is very scalable.

Technical support for this solution is good. The response times meet our expectations and we have not had any issues.

We have always been using this same solution, but previous versions. We update them in trying to keep up with the amount of data coming through, such as more streaming.

The initial setup of this solution was straightforward. We had the proper documentation to reference.

We deployed this solution in-house.

I don't work with the numbers, but I can say that it's great for security and has improved our effectiveness at the office.

The cost of this solution is high.

We did evaluate another option, but we stayed with the Cisco solution because it's trustworthy.

This is a good product from a trustworthy vendor, but it is not perfect.

I would rate this solution an eight out of ten.

I am a banker. I'm working in the bank and our equipment is mostly based on Cisco for the moment. We have some incoming projects to deploy from Fortigate to firewalls.

Cisco ASA is that something I used when I was preparing for my CCNP exams. I've been using it on the incoming project that we want to do right now. 

It is easy to deploy Cisco ISP solution in the bank I'm working in, i.e. Cisco Identity Services Engine. We're already used Cisco ISSO. 

I have three Cisco ASA modules:

1. Security for perimeters
2. Security for data centers
3. Data center recovery

I have been using Cisco ASA since I've been at the bank for more than two years now. The model is 5515X. I have two modules of 5515X and the third one is the old 55105. 

My primary use of Cisco ASA is to take advantage of all the features. I use it to enforce security policy and also to take advantage of the Firepower module.

I have a firewall module on my two instances of 5515X. On the Firepower side, I use all features on Firepower modules that are included in the AMP.

The biggest improvement has been in the internet features. We have been asked to prohibit internet access for all users except the bank services division and that is improved. 

For AMP features, we use Cisco ASA to track traffic in inbound and outbound patterns, so we can set expectations for network traffic. I also used the exception for encrypted traffic. 

One problem: Before installing encrypted traffic, I had to decrypt it first. Before setting it back, I encrypt it again. That's just the way Cisco ASA functions.

I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little of the Palo Alto Networks equipment. There is a lot I have to learn about the difference. 

Based on my certification, I had to do a lot of lab work, a lot of projects, a lot of technical work with Cisco ASA. Now, I'm moving to other vendors, like Palo Alto Networks and Fortinet so that I can empower my level of technical experience.

• All my change requests are for Cisco ASA to work more on ease of management. 
• All of the features of Cisco ASA are used by all of the other vendors on the market. 
• The firewall solutions are all based on the same network equipment. 

The difference is why each business chooses to use it and how they implement the architecture for their solution using Cisco ASA and Firepower features.

The installation and integration of Cisco ASA with Firepower can be improved. I used Fortigate as well and I can say that Fortigate's features are more usable. 

The management with Fortigate is easier than Cisco ASA on Firepower. The management side of Cisco ASA can be improved so it can be more easily configured and used.

The stability of the Cisco ASA platform is okay. I know that Palo Alto is the first rated one, followed by Fortinet.

The scalability is based on module support. We have a stand-alone version. It is not 100% applicable to talk about scalability at this point. 

There is another Cisco ASA module available that is more scalable than ours. For the module I have, the stand-alone, the scalability is not as good as on the higher model. 

The 5585 model, allocated for data center security, can be facilitated into the switching spot or the working spot in our data center. We can recommend the scalability there. 

For the module I have, I'm using it as a stand-alone. I don't think it is scalable too much at this point. 

I'm using Cisco ASA in my organization to support about 150 staff. For maintenance, I do all of the work myself.

I do everything if you need a Cisco ASA solution to be deployed for an infrastructure requirement. We are just a team of three. There is just me and my colleagues. 

I'm in charge of all the infrastructure system, including the network and security infrastructure. On all tasks related to the system security and network infrastructure, I'm in charge of it.

I had to work with Cisco customer support two or three times, a long time ago. I had to work with them based on a problem with my call manager. We had a good ability to work together with Cisco customer support. It was normal. 

They asked about the information on the installation. I had to upload it to them. They took that and came back to my problem with the results. I had a good experience with them.

I didn't use a different solution in my bank, but on some other enterprise jobs, I used some unique firewall solutions. 

Since I have been at the bank, only Cisco ASA has been deployed. We just added two new modules. In the bank, we only use Cisco ASA solutions.

I will say Cisco ASA has a complex setup just based on the security policy we have to enforce (asked by the chief, the CIO). For me, it's not complex. 

Cisco ASA is not difficult because I am in it for a year so it's easy for me to understand. I have no problem on the technical side. I always manage to do what I'm asked to do on security-side enforcement. I have no problem with that. It's normal for me. 

It was 2 years ago that we were trying to deploy our facility equipment. We took advantage to deploy the Cisco ASA firewall (model 5515X). 

For now, it's the only one. Since then, we're using it in an upcoming project. I will have to deploy some Fortigate and Cisco ISL as well.

I don't have a technical problem implementing Cisco ASA. I am a double CCNNP and I'm preparing for my CCIE. On the technical side, I don't need help.

I had to work with external partners because they provide us with uptake equipment. They're available to follow up on the project with us. 

We just had to make some tests to deploy some labs. However, when it comes to configuring Cisco ASA for production, I was alone. 

On a security basis, we couldn't let the partner know the details of our address space. This is prohibited within our organization by security policies. 

I had to re-do everything from scratch. For this implementation of Cisco ASA & Firepowe, I was alone.

The licensing for Cisco ASA is on a yearly basis. We have to renew the Firepower module license. We are in the process of renewing this one. 

I just made the demand. They have the management who is charge asking about the price and payment terms on different offers. 

We are just a branch bank. The decision is not made here and the branches just have to follow the central policy.

Cisco ASA is a good solution. I never had a problem with. I will say that I mostly recommend Fortinet because of their ease of management and Palo Alto Networks because of their reputation for business efficiency.

I would rate Cisco ASA with an 8 out of 10 points.

We mainly use it in the data center. We are obliged to use a firewall. It's a necessity.

It has helped in securing our infrastructure from end to end so that we can detect and remediate threats. There is another office in my company that does threat detection, but it has been helpful.

It hasn't freed up any time. We still have to manage the firewall. It's something we have to do.

All the features except IPS are valuable. IPS is not a part of my job.

It's already pretty good. In terms of functionality, there isn't much to improve. There could be more bandwidth and better interface speed.

I've been using Cisco firewalls for 20 years.

Its stability is very good.

It's better to have a higher speed. I'd rate it an eight out of ten in terms of scalability.

We have multiple locations and multiple departments. We are a big company, and we have a lot of remote sites. We have about 6,000 of them.

They are very good. From time to time, Cisco employees come to us and provide information about the latest features and new products. I'd rate them a ten out of ten.

Positive

We have other firewalls, and it hasn't helped to consolidate other solutions. We have to use the Cisco firewall and other vendors because of internal law. We have to use two firewalls, one from vendor A and the other one from vendor B.

We went for Cisco because it's affordable. It's something you can trust. It's something you know. It's a valued product. 

I've been involved in configuring it and assessing and ensuring that the configuration is up to date and there are no bugs, etc.

Its initial setup is not at all complex. I've been working with Cisco firewalls for 20 years, so I know them very well. It's not complicated for me.

We have all deployment models. We have on-premises and cloud deployments. We have everything. I belong to a big organization.

We had a consultant for integrating the product. Our experience with the consultant was good.

The number of people required for deployment varies, but one person can deploy the solution. It's quite easy to implement. It doesn't require a lot of staff.

It requires normal maintenance.

It's affordable.

Try it. You will be happy. 

I'd rate Cisco Secure Firewall a ten out of ten.

With [my company], NIL, it's cross-domain. It's just not ASA, but in particular we work with customers where we talk about the physical boxes or even the virtual appliances that we're deploying. The use cases can be multiple, but mostly what we have seen is perimeter security, looking at blocking [and] allowing of traffic before accessing the internet.

The majority of the challenges that we see across customers and partners is looking at the data, the integrity, security, [and] looking at various areas where they need to put in boxes or solutions which could secure their environments. It's not just about the data, but even looking at the endpoints, be it physical or virtual. That, in itself, makes the use case for putting in a box like ASA. 

And, of course, with the integrations nowadays that we have from a firewall, looking at multiple identity solutions or logging solutions you could integrate with, that in itself becomes a use case of expanding the genres of integrated security.

The best features would obviously be the ones that are most used: the perimeter security, allowing/blocking of traffic, NAT-ing, and routing, or making it easy as compared to a router. If you were to do the similar features on a router, it would be way more extensive and difficult as compared to a firewall. These are the majority of the features that anyone would begin with.

But of course, they expanded to other features like IPS or cyber security or looking at vulnerabilities or scanning, port scans. Those are the advanced things.

[In terms of overall performance] in the last decade or so, especially in the last three or four years, the scale of where the architecture has been—all the numbers, the stats, everything—has gone up exponentially. It's all because of the innovations that are always happening, and not just at the hardware level, but particularly at the software level. Of course, we can always look at the data sheets and talk about the numbers, but all I can say, in my experience, is that the numbers have really gone up, and the speed at which the numbers have gone up in the last couple of years or so, is really progressive. That's really good to see.

We're reaching [the point] where we want it to be. If you go 10 years back, we did miss the bus on bringing in the virtual versus the physical appliance, but now that we have had it, the ASAv, for a few years, I think we are doing the right things at the right place. 

The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters. That is where we, as partners, can also leverage our repos with our customers and making them aware that there might be some major changes that we may have to introduce in their networks in the near future.

I started back in the days with ASA when I was [with] Cisco. I was [with] Cisco for 12 years. I started as a TAC engineer, and one of the teams I was leading was the ASA team, firewall, and across VPN, AAA. it became like a cross-border team or cross-architecture, and it's been long enough. I've been working with ASAs for about 12 or more years now.

From the stability standpoint, it's way better. Is there a scope for improvement? Of course. There always is. But I can just speak from my experience. What it was and what it is today, it is way better.

We look at scalability for any product of Cisco. I cannot be confined to the ASAs. We have physical, virtual, and cloud deployments. Everything is possible, so scalability is no issue.

Support, when you look at any product from Cisco, has been top-notch. I was a TAC guy myself for 10 years and I can vouch for it like anyone would do from TAC.

Support has always been extensive. There is great detail in root cause analysis. Going back into my Cisco TAC experience, it's always the story that if you know the product well, you know the things that you need to collect for TAC or for any other junior SME to work with you collectively, to get down to the solutions sooner. Otherwise, they have to let you know what you need to collect. It's better to know the product, get the right knowledge transfer, work towards those goals, and then, collectively, we can work as a great team.

I have mostly been involved in the pre-sales stage, and then eventually the post-sales as well. But we do the groundwork of making sure that we have set the stage for the customer to get the initial onboarding. And at times, I do it with other engineers or other colleagues who take it over from there. In my experience, it has been pretty straightforward.

It's not just the implementation, but [it's] also managing or maintaining [the ASA]. It would depend on how complex a configuration is, a one-box versus cluster versus clusters at different sites. Depending on the amount of configuration complexity and the amount of nodes that you have, you would need to look at staff from there. It's hard to put a number [on it and] just say you need a couple of guys. It could be different for different use cases and environments.

[In terms of maintenance] it's about a journey: the journey from having the right knowledge transfer, knowing how to configure a product, knowing how to deploy it, and then how to manage it. Now, of course, from the manageability standpoint, there are some basic checks that you have to do, like firmware upgrades, or backup restores, or looking at the sizing—how much your customer needs: a single node versus multiple nodes, physical versus virtual, cloud versus on-prem. But once you are done with that, it also depends on how much the engineers or SMEs know about configuring the product, because if they know about configuring the product, that's when they would know if something has been configured incorrectly. That also comes in [regarding] maintenance [of] or troubleshooting the product. Knowledge transfer is the key, and making sure that you're up to date and you have your basic checks done. Then, [the] manageability is like any other product, it's going to be easy.

The return on investment is not going to be restricted to just the box, because nowadays, if you look at the integrated security that Cisco has been heavily investing into, it's not just about ASA doing the firewalling functions. Now, these genres have been expanded to cyber, to third-party integrations, having integrated logging, having integrated micro and macro segmentations. The scope has been widened, so the ROI, eventually, has multiplied.

Being a partner, we work with customers who already have different vendor solutions as well. At times, there are a mix of small SMB sites, which could be, let's say, a grocery. There are smaller stores and there are bigger stores, and at times, they do local DIAs or local internet breakouts. [That's where] you do see some cloud-based or very small firewalls as well, but when you look at the headquarters or bigger enterprises, that is where we would probably position Cisco.

[My advice] would depend [on] if they are comfortable with a particular product, if they've been working with a particular vendor. If it's a Cisco shop, or if they've been working on Cisco, or the customers are quite comfortable with Cisco, I would say this is the way to go. Unless they have a mixed environment. It will still depend on the SME's expertise, how comfortable they are, and then looking at the use cases and which products would nullify or solve them. That is where we should position it.

My lessons are endless with ASA, but my lessons are mostly toward product knowledge. When you look at the deployment side of things, or for me, personally, when I was TAC, to know how things work internally within ASA—like an A to Z story, and there are 100 gaps between and you need to know those gaps—and then, eventually, you will get to the problem and solve it in minutes rather than hours.

We use it for remote access VPN. That means the folks at home can work from home using AnyConnect.

For our very specific use case, for remote access for VPN, ASAs are very good.

Cisco also introduces new features and new encryption techniques.

Cisco wasn't first-to-market with NGFWs. That is one of the options now. They did make an acquisition, but other vendors got into that space first. I would tell Cisco to move faster, but everything moves at the speed of light and it's hard to move faster than that. But they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better. It's hard to be critical of Cisco given that they pave the way a lot, but they should see what their peers are doing and try to emulate that.

In terms of additional features, perhaps there could be some form of integration with the cloud. I don't know how much appetite we would have for that given the principle of keeping a lot of the sensitive data on-prem. But some integration with the cloud might be useful, given that the cloud is everything you see these days. We have our on-premises devices, but maybe they could provide an option where it fails over to a cloud in a worst-case scenario.

I've been using Cisco ASA Firewalls from the time I was in school. I learned it when I was in the academic setting. I joined Cisco and worked there for six years there as a sales engineer before joining my current company.

The stability of the solution is a 10 out of 10.

Scalability is probably a 10 out of 10 for what we're looking at.

Their technical support is very good. Maybe I view them with rose-colored glasses since I was there for six years, but they really do try hard. Cisco cracks the whip on them. They do a lot of work. There's no downtime.

Positive

The challenge we wanted to address was scale. We're growing and we needed something a little more robust, something that could hold a big boy. We've got a lot more employees and we were using an older version of the hardware, so we upgraded to the newest version of the hardware, given that we're familiar with it. It solves our use case of allowing employees to work from home.

I was involved in the design, deployment, and operations. Our team is very special in the fact that we don't delegate to other folks. We're responsible for what we eat and what we design. We actually do the hands-on work and then we maintain it. We tend not to hire out because they come, they wash their hands clean of it, leave, and then there's all this stuff that needs fixing. If we get paged at 3:00 AM it might be our fault, and the lessons are learned.

Our network engineering team consists of about 12 people.

The pricing is fair.

My advice to others would be to design it well and get it validated by the Cisco team or by a consulting company. Don't be afraid of the solution because they have skin in the game. It's been in the market for so long, it's like buying a Corolla, as odd as that sounds. If you have a use case for your car where you're just driving from A to B, then get that Corolla and it will suit you well. It will last you 100 million miles.

Cyber security resilience is super important. We have super important data and we need to secure it. We're regulated and audited by the government and we're audited all the time. I get audited when I breathe. We have to make sure everything is super transparent and make sure that we have all of the fail-safes in place and done well. We have to be very accountable so that there are no "gotchas."

We pretty much use it as our edge firewall and data center firewall.

We have a colocation that is the center for all our campuses. That is where our edge firewall is. We use that for VPN as well, and it was a great thing during the pandemic because we were already ready to go with VPN. We didn't have to do anything extra on that part.

The solution has really enabled us to ensure our university is secure.

Cybersecurity resilience has been paramount. Because there is a threat of losing everything if ransomware or another sort of attack were to happen, the cybersecurity resilience has been top-notch.

The multi-context feature is the most valuable, especially in our data center. Having different needs for different departments is part of our organization. We can have five firewalls in one.

I would like it if they made the newer generation a bit simpler. You can do ASA code and FXOS. It is just a bit confusing with the newer generational equipment on what it can do.

I have been using this solution for five years.

I would rate the stability as 10 out of 10.

We do maintenance for software updates, etc. I don't think we have had any major hardware failures.

We haven't had to really scale up too much.

The technical support is excellent. Every time that we have ever had an issue, we got a result very quickly. I would rate them as nine out of 10.

Positive

We have always had ASA since I have been at the company. The ASAs were in place and we have upgraded to newer ASA Next-Generation Firewalls.

I am not a huge fan of Cisco licensing in general. However, I wasn't really involved with the pricing. That decision was made a little higher than me.

We are in the middle of an upgrade to the newer Firepowers.

We have used Palo Alto for another solution and they have a better firewall. It is a whole new GUI to learn. With Palo Alto, you simply get one code, then that is your firewall. With the newer Firepowers, there are two or three different ways that you can run it. So, we currently have our data center running in ASA code, then we are doing it a different way with our edge ASA. My supervisor has complained about all the different ways that the new hardware can be configured and installed.

Stay more up-to-date with equipment. The old equipment is what will get you, e.g., leaving Windows 7 machines on your network or 15-year-old switches.

Heavily research what can do cluster mode, HA pairs, etc. That is where we ran into the "gotchas". You have to run it in certain ways to have it clustered and run it another way to have it as an HA pair.

I would rate ASA Firewall as nine out of 10.

We are a Cisco partner and we implement solutions for our customers who are generally in the banking sector and other private sectors.

They are using it as a data center firewall and to secure their internet connections. Our customers usually integrate the firewall with ISE, with a Firepower module for IPS, and there are some NAC solutions.

The solution enhances the performance of the network. It blocks most of the threats and it updates attack signatures so it protects customer data better. The loss of data would be a crisis for any customer. With the deep inspection and analysis and the threat updates, it gives you more protection and safety.

Our clients use automated policy application and enforcement. For example, when you have a very big deployment or a bank needs to deploy more branches, this saves a lot of time when doing the implementation. Similarly, when you add more users or you add more devices, when you create a profile of the policies, they will be available in a matter of minutes, regardless of the number of branches or users or applications. It reduces the time involved in that by 75 percent.

The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.

The integration between the ASA and Cisco ISE is very easy because they are from the same vendor. We don't face any integration problems. This is one of the valuable points of Cisco firewalls. They can be easily integrated with different Cisco security products.

Our clients also use other products with Cisco ASA, such as Aruba ClearPass and different NAC solutions. The integration of these other products is also easy with Cisco. 

It integrates with email security and Firepower. For example, if you have an attached file infected or you have attacks through email, the traffic will be forwarded to the email security and it will be blocked by the firewall. It gives you a clear view of the file and it can be blocked at every stage, protecting your network from this threat.

One of the best parts is the traffic management and the inspection of the traffic packets. The Device Manager is easy to use to supervise things, and the Firepower application gives you clear threat detection and blocking of all threats. Cisco also provides a better analysis of the traffic.

In addition, Talos is an enhancement to Cisco firewalls, and provides a better view.

The device management options, such as Firepower Device Manager (FDM), Cisco Firepower Management Center (FMC), or Cisco Defense Orchestrator (CDO) add a lot of enhancements in the initial deployment and configuration. In migrating, they can help to create the migration configuration and they help in managing encryption and automation. They add a lot enhancements to the device. They make things easier. In the past, you had to use the CLI and you could not control all this. Now you have a GUI which provides visibility and you can easily integrate and make changes.

When I deal with other firewalls like Palo Alto or Fortinet, I think there is some room for performance tuning and enhancement of the ASA. I'm not saying there is a performance issue with the product, but when compared to others, it seems the others perform a little bit better.

There could be enhancements to the cloud part of the solution. It's good now, but more enhancements would be helpful.

Finally, security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.

I have been using Cisco ASA NGFW for more than 10 years.

The ASA is stable. There may be some small stability issues, when compared to others, but it is a stable product. There could be enhancements to the ASA in this area when compared to other vendors, but it is not a problem with the product.

It is scalable, with virtualization and other features.

In terms of future-proofing our customers' security, we recommend the ASA. We have tested it in large environments and it's working well. The lesson I have learned from using Cisco ASA is that Cisco's research is continuous. They provide enhancements every day. It's a product for the future.

Technical support is a very strong point in Cisco's favor. I would rate it very highly. The support is excellent.

The setup is of medium difficulty. It is not very complex. Generally, when working in the security field, things are a little bit complex because you are integrating with many vendors and you are defending against a lot of different kinds of attacks.

The amount of time it takes to deploy the ASA depends on the complexity of the site where it is being set up. On average, it can take about a week. It could be that there are many policies that need to be migrated, and it depends on the integration. For the initial setup, it takes one day but the amount of time it takes beyond that depends on the security environment.

Our customers definitely see return on investment with Cisco ASA because when you protect your network there is ROI. If you lose your data you have a big loss. The ROI is in the security level and the protection of data.

The value of the pricing needs to be enhanced from Cisco because there are a lot of competitors in the market. There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.

My advice is to take care of and monitor your policies and be aware of the threats. You also have to be careful when changing policies. When you do, don't leave unused policies around, because that will affect performance. You should have audits of your firewall and its policies and follow the recommendations from Cisco support.

Among the things I have learned from using Cisco ASA is that integration is easy, especially with Cisco products. And the support helps you to integrate with anything, so you can integrate with products outside of the Cisco family as well.