Cisco Secure Firewall Reviews

Our main use cases for Cisco Secure Firewall include firewall, IPS, and URL filtering.

The feature of Cisco Secure Firewall that I prefer the most is IPS. I appreciate the IPS feature because it's built in and I can control it using the FMC and push out the policy company-wide, making it centrally managed. The IPS benefits my company because that's one of the requirements; we used to have separate IPS. Now it's all integrated, providing ease of use for us. Cisco Secure Firewall has helped my company achieve its goals because it's a next-generation firewall. That's what we need to maintain certain compliance from the security side. Having IPS built in, firewall, URL filtering, everything is centrally managed, so we have more visibility and management.

Compared to the previous generation, the ASA, firewall rules appear differently in the ASDM and the previous generation firewall versus FTD, which I don't prefer as much. The ASA makes it easier to view those policies. There could be some improvement in the way FMC displays the policy.

I have been using Cisco Secure Firewall in my company for the last two years.

I haven't seen any breakdown or instability; the platform has been stable, and we haven't had any issues.

Cisco Secure Firewall scales with the growing needs of my company as we're going to implement clustering. I've used clustering in my past experience; it's very easy and straightforward. We had some minor issues with the clustering. I appreciate the clustering capability, though I haven't implemented it in my current job.

The customer service and technical support have been great; they've always been great.

Positive

I considered other solutions such as Palo Alto before choosing Cisco Secure Firewall. We were using Palo Alto, but we decided to go with Cisco because of its ease of use. We were a Cisco shop, and there's a micro facility where you can migrate all the ASA to the firewall.

The deployment process of Cisco Secure Firewall is simple enough. Out of the box, you perform the initial management configuration, specify the FMC location, join FMC, and then you can manage it from FMC. The process is straightforward and simple.

From my point of view, the biggest return on investment when using Cisco Secure Firewall is the single pane of glass, which is a huge plus for us. Having that visibility, managing all the alerts, IPS alerts, vulnerability management - everything is a huge plus.

My experience with the pricing, setup costs, and licensing is that it's consistent. I don't have much visibility on the licensing side, but I assume it remains the same.

There are differences between Palo Alto and Cisco, particularly on the cloud side. Palo Alto has Prisma Cloud and additional tools. I would say Cisco has room for improvement in that area for the future. We're not heavily in the cloud, so for us, it's not a significant concern.

We haven't used any new features or functionalities in Cisco Secure Firewall recently, but we plan to try file scanning, focusing more on the malware side, AMP and everything. That's something we want to try next.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is limited as we haven't tried SSL encryption yet. That's something we might explore in the future.

Regarding Cisco Secure Firewall's ability to unify policies across my environment, managing via FMC ensures accuracy. Unifying policies is essential for my company because it provides one pane of glass. Software pushes, policy implementation, traffic monitoring, and having all alerts in one place are crucial.

The impact of the cloud-delivered firewall on my company's security posture is significant. Having the same FTD running in the cloud, managed by FMC, is our future direction. We currently implement this with Azure.

Regarding zero trust security model implementation, we are exploring options with SD-WAN, both on-premises and in the cloud with firepower. I'm meeting with a Cisco engineer next week to discuss implementation strategies.

I don't see anything that needs improvement in Cisco Secure Firewall; we've been very satisfied with it. I've been using FTD for almost five to seven years now, including with a previous company, and heavily worked on migration from ASA to FTD.

From one to ten, I would rate Cisco Secure Firewall a ten.

On-premises

My main use case for Cisco Secure Firewall is just control between outer boundary and inner boundaries.

The feature I appreciate the most about Cisco Secure Firewall is the FMC platform where it merges multiple firewalls into one management plane. An example of how features of Cisco Secure Firewall have benefited my organization is through easy deployment of access policies across a long array of devices. I assess Cisco Secure Firewall's ability to unify policies across my environment as a single pane of glass with the FMC. If I need to look up a policy or implement something, I just type in the name of the policy I made to see what objects apply to our policy. I appreciate that part.

Cisco Secure Firewall could be improved in several ways. I've noticed in different versions that some versions had packet caps and some didn't. The user interface could be improved, and maintaining a consistent version across the board would be beneficial. Ease-of-use is important, with the user-based interface and keeping plain language. In the next release of Cisco Secure Firewall, it should include features that utilize AI to speak plain language. For example, it could respond to, 'Hey, I want to do this thing,' and guide users accordingly. I know AI feedback is a hot topic, but I wonder how reliant that is on external connectivity. If it can work in an air-gap network, that would be significant.

I have been using Cisco Secure Firewall for at least a few years, maybe three or four years.

I evaluate the stability and reliability of Cisco Secure Firewall as quite strong since it's probably one of the few things that hasn't crashed on us. While I haven't experienced crashes with Cisco Secure Firewall, most of our issues don't come from it unless it's something we've blocked, preventing users from accessing areas. It's never been a device problem or related to the technical implementation of things.

I think Cisco Secure Firewall scales effectively with the growing needs of my organization because we work in boundary-level areas. Most of our users connect on the inside of the boundary and then egress out, making it easy for us to scale out to support thousands of users as long as they connect to that inner part.

My evaluation of customer service and technical support for Cisco is positive. TAC cases generally serve as a good option for anything we've had problems with Cisco devices, and the process is good. On a scale of one to ten, I would rate Cisco's customer service a 10.

Positive

Prior to adopting Cisco Secure Firewall, I was using Fortinet. The factor that led me to consider changing from Fortinet was its vulnerability problems. We scrapped that solution.

My experience with the deployment of Cisco Secure Firewall is pretty good.

Before selecting Cisco Secure Firewall, I considered a couple of other platforms, including some Palo Altos, for separate requirements that Cisco doesn't meet.

My experience with Cisco Secure Firewall is positive. I appreciate it because it has always been easy for me as an individual to navigate and manage anything Cisco-related.

My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is somewhat mixed. I have a concern about the GRE and the Snort inspection. Sometimes Snort would break GRE traffic when trying to tunnel from the outside in. Making a policy to allow GRE always breaks. But other than that, it's been straightforward.

This unified policy management is important to my organization because different functions in a network can apply to many other users. It allows us to see that from one pane of glass, and I can easily search it up by name or IP address. I use Cisco SecureX with Cisco Secure Firewall, mainly Firepower, and we integrate them in FMC.

The integration of Cisco SecureX with Cisco Secure Firewall doesn't really affect dwell time for my team. It just gives us the ability to filter out unwanted things from the outside. We don't use much cloud functionality, so I can't comment on the impact of the cloud-delivered firewall on our organization's security posture.

My evaluation of Cisco Secure Firewall in helping my organization implement a zero-trust security model is that we don't really use it for firewalls. We work with DNA center stuff and fabric-enabled technologies. We use the zero-trust model with 802.1X, but that's more unfirewall-related.

The process of using Cisco Secure Firewall is straightforward; you install it and decide whether to block or allow protocols. It's simple and easy. The language part makes it easy since a Cisco box is a Cisco box, and opening up TAC cases on the Cisco portal is straightforward.

My advice to other organizations considering Cisco Secure Firewall is to understand how a firewall works, know your network, and what you want to block and allow. Cisco has been good with their support level, so as long as they know Cisco, they should be fine. I rate Cisco Secure Firewall 10 out of 10.

On-premises

Other

My main use cases for Cisco Secure Firewall include firewall protection and managing the ingress and egress of a fabric and cloud, involving private cloud tasks, inter-domain, and inter-tenant processes, as well as handling whatever comes in and exits the fabric.

The features from the Firewall have benefited my organization by providing more integration with the Firewall Management Center and other Cisco tools such as ACI, APEX, ISE, and several others such as PXGrid, helping to create an ecosystem of Cisco solutions.

The feature I appreciate the most about Cisco Secure Firewall is its speed, especially for a 40-gig network. 

Improving Cisco Secure Firewall could involve adding more functionality on the box without needing an FMC, as some features become less effective without it. I find it hard to think of anything else to add since there are so many features now that it's challenging to use and understand them all.

I have been using Cisco Secure Firewall since it came out, which was just a year or two ago.

Regarding the stability and reliability of Cisco Secure Firewall, the only issues I encounter are with the Secure Firewalls we have in HA. Sometimes, if they are reloaded improperly, junior staff may fail to see the HA pair, requiring physical resetting of the ports to link them together. Beyond that, I have never had a problem with a Cisco Firewall, FMC, or any of their next-generation firewalls, which speaks for itself.

I would evaluate customer service and technical support for Cisco Secure Firewall as excellent, as my Cisco team for the Army has been exceptional. I don't know how you can get better, and I don't have any complaints after ten years with the same team from Cisco.

Positive

I haven't really seen ROI on Cisco Secure Firewall yet, as we are not in a business that focuses on that. We just need the security functionality.

My experience with pricing, setup costs, and licensing for Cisco Secure Firewall is pretty good. There are a lot of in-place contracts for us that provide the benefit of discounts.

Before selecting Cisco Secure Firewall, I considered other solutions such as Palo Alto. That was about it. I was mainly looking at layer seven firewalls. 

When comparing Cisco Secure Firewall to Palo Alto, what stood out positively was the FMC, which you can buy as either a physical or virtual appliance, allowing for the tying of all your firewalls to it, whereas Palo Alto lacks such functionality or the availability to do deeper analysis such as snort, making it clear that Cisco Secure Firewall wasn't really a competition.

My advice for organizations considering Cisco Secure Firewall is to take advantage of Cisco's C-Pot program, where you can actually use their equipment in a practical setting. This allows for firsthand comparisons with other vendors, giving you clear insights into how everything works, making it worthwhile to get demo gear from our Cisco team to test before making any purchases.

I rate Cisco Secure Firewall a nine out of ten. 

It's not perfect, as nothing truly is, however, I don't know of anything that compares to it, with Palo Alto being the closest option, though their layer seven firewalls are not as effective as those of Cisco Secure Firewall.

On-premises

My main use case for Cisco Secure Firewall is to secure a data center.

They help keep our environment more secure. 

The features I appreciate the most about Cisco Secure Firewall are the policies, ACLs, and traffic behavior analytics. These features have benefited my organization by keeping the environment more secure within the organization.

If I assess Cisco Secure Firewall's ability to unify policies across my environment on a scale of one to ten, it would be an eight. This is very important to my organization, as we work extensively with security because we are a bank, so we can keep the data safe.

I have not recently used any new features or functionalities in Cisco Secure Firewall, however, I would want to try more visibility and observability. My impression of the visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic is that it can improve. There is some traffic that is encrypted that needs to be decrypted to catch something and analyze and give some analytics, so that part needs to work more.

The dashboard needs to be more intuitive and easier to navigate. What stood out to me about Cisco Secure Firewall that made me choose to use it is that it is intuitive, but I feel it could be improved further in terms of intuitiveness. It could be improved to achieve easier configuration and more efficiency.

I have been using Cisco Secure Firewall for eight years.

I would evaluate the customer service and technical support on a scale of one to ten as a ten, as they have expertise and provide solutions for the most difficult problems, so we have had a very good experience.

Positive

We did have Fortinet previously. That had a more intuitive dashboard. 

We did consider other options, including Juniper.

I did not purchase via AWS Marketplace. 

At the moment, we are not using the cloud-delivered firewall. It could be better regarding encryption and encrypting traffic. I have not seen that part and we do not use it since we use it on Fortinet, however, that would be something that helps to keep the network more secure.

I would advise other organizations considering Cisco Secure Firewall that they can trust Cisco Secure Firewall and that they should provide training for their staff to achieve better and more efficient work.

On a scale of one to ten, I would rate Cisco Secure Firewall overall as an eight.

On-premises

We're using the solution as a firewall, for securing our whole network for students and staff throughout the whole school.

Cisco Secure Firewall's performance benefits my company by allowing us to shape the bandwidth and internet for staff with quality of service where it works better for them rather than students, or vice versa. When students are testing, you can adjust it for that too.

The performance part of Cisco Secure Firewall is pretty good. You can control the bandwidth and features such as bandwidth shaping and quality of service, and I appreciate that part. At our school, a lot of the kids use laptops, the staff use laptops, and they have Wi-Fi. 

I just tried the chat feature in Cisco Secure Firewall, and that was pretty cool; the AI worked pretty good when I tried it at home in the evening, so that was a nice feature.

The visibility and control capabilities of Cisco Secure Firewall in managing encrypted traffic are pretty good too, as our finance department uses it, so keeping that part secure for them works out well.

For our students, we have them in certain groups, and then our staff in certain groups, so with Cisco Secure Firewall, you can push out policies for each one.

Cisco Secure Firewall is important. You can control what students are looking at, and if they're looking at something inappropriate, you can control it. You can also see which device is taking up more bandwidth.

Regarding the zero-trust security model, Cisco Secure Firewall helps our company. Our students and staff have the ability to do whatever they need to do with their research. It helps them while keeping security top of mind.

I would like to see more about the pricing of Cisco Secure Firewall or maybe see it enhanced.

I have been using Cisco Secure Firewall for about ten years now.

The stability and reliability of the Cisco Secure Firewall have always been good; it never falls, never fails, and it's always backed up, which is always good too.

We have more kids and more staff coming in, so with Cisco Secure Firewall, just having that ability to add on more features is great. Currently, it appears we're barely using it, so we can add more with it, and we always have room for that, which is good.

Whenever I call about a problem with Cisco Secure Firewall, they're always helpful and very knowledgeable, getting me to the right solutions I need. They're always willing to help afterwards too and send me documentation, which is always good.

Positive

The deployment experience with Cisco Secure Firewall is easy, with a straightforward deployment.

From my point of view as an IT admin, the biggest return on investment when using Cisco Secure Firewall is seeing what kids are looking at, shaping what they're looking at, shaping the bandwidth, quality of service, and you can do all that with the firewall, too. It also helps in blocking kids from things and monitoring what staffers are looking at.

I work for a school, so getting licensing and getting the budget for Cisco Secure Firewall for certain products is a challenge. It's good to have them, however, it costs us a lot.

On a scale of one to ten, I rate Cisco Secure Firewall a ten.

On-premises

I implemented the product which provides end-to-end networking and security features. It starts with secure tunneling, and I performed micro-segmentation in the firewall specific to a particular customer environment. It offers comprehensive security as well as networking features that I have enabled.

The software was mainly the highlight. Most firewalls have a challenge of identifying keywords and providing restricted access, which I encountered. However, Cisco Firewall has very good features, like trusted applications and restricted access for users based on keywords. I could access it appropriately, unlike some firewalls where this is a challenge. Essentially, the restricted access to websites has been exceptional. I was in the life science industry, focusing heavily on compliance. This product meets compliance requirements, and the security process has improved. Stability and consistent performance are critical components of Cisco's product.

The integration, especially for APIs or with other firewall products, is a challenge for me. In some satellite sites where large firewalls are not involved, I used Cisco Meraki. The integration between Cisco products themselves presents difficulties, such as SD-WAN configuration. Managing centralized networking with Cisco is challenging for me in terms of integration with other firewall products.

I have used the solution for almost four years.

The solution is stable and performs well.

Scalability presents a challenge. There is commercial involvement and several factors, making it complex for me. I would rate scalability seven out of ten.

Technical support is unsatisfactory for me. There might be restructuring within Cisco India or with the partner's capability. Whenever I encounter a technical support challenge, it is not an easy process. Even with premium support, it is a struggle. I have to provide many logs, yet problems remain unresolved, often requiring workarounds rather than solutions.

Neutral

The initial setup is not simple as it is all based on my requirements. If the requirement or site is predominantly complex, specialist involvement is necessary. However, for a vanilla installation, it is fine - just not easy.

I have assessed and decided to move on to Sophos. Sophos's support is excellent compared to Cisco and other products, with their technical support team based in South India. I have received a lot of good feedback about it.

Overall, I would rate the product six out of ten. Because of the support and cost, I moved away from Cisco, but otherwise, it is a good product. Recommendation depends on the requirement. If lacking a proper team and being dependent on the OEM and partner, Cisco is not suitable. 

However, if the team is qualified with Cisco-certified people and the requirement is a big network, it can be considered. In today's hybrid work world, having an expanded gateway is more typical than having a single one. Thus, Cisco is unlikely to be recommended for a hybrid requirement unless in-house skills align. Otherwise, depending on partners and Cisco, it can be a risk.

I rate the overall solution six out of ten.

Hybrid Cloud

The solution is used in a normal enterprise-level configuration. It has effectively worked as a perimeter firewall. Our VPN was also configured on it.

The threat prevention is better than FortiGate, but it is less effective than Palo Alto. The VPN functionality is consistent, and the performance is good.

Cisco Firewall is not user-friendly. They complicate simple configurations, requiring multiple steps. Compared to Palo Alto and FortiGate, it is not as effective. Cisco Firewalls require FMC for management. 

If you have a small to medium-sized office with only a few firewalls, you can deploy and manage them without FMC. However, without FMC, it is not fully functional, limiting the features available. You cannot use the asterisk value in address objects in Cisco. 

In other firewalls, hovering over an object displays details like the IP address. With Cisco, you need to access the object to see inside details. Cisco should improve this aspect. The NAT process is handled differently, which I do not like. Obtaining support is challenging compared to FortiGate and Palo Alto. 

Although knowledge-wise they are good, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

I have used the solution for almost two years.

The scalable performance is good, however, the voice communication is not effective. Compared to FortiGate and Palo Alto, it lags in configuration and other aspects.

Knowledge-wise, they are good, however, obtaining technical support and involving an engineer in a troubleshooting call is a challenge.

Negative

The deployment was a normal activity, similar to how enterprises operate. It worked as a perimeter firewall, and our VPN was configured on it. The installation took approximately half a day.

For mid-sized organizations, I do not recommend it. For ISPs or data centers, I would recommend it due to its good performance and hardware capabilities. Their hardware can handle substantial amounts of data without causing latency. I recommend it for ISP or data center. For enterprise purposes, I do not recommend it. 

I rate the overall solution seven out of ten.

On-premises

We use Cisco Secure Firewall for our servers, protecting data centers, and limiting the ports and threats. We have various web servers hosted in our data center, and to protect them from external threats, we use the firewall.

The most valuable features of Cisco Secure Firewall include the next-generation firewall and its strong anti-malware capabilities. These features protect internal servers from external threats, such as denial of service threats, viruses, and malware. Additionally, Cisco checks and stops traffic containing new threats, taking steps to mitigate them. When our servers are secure, their speed is very good using Cisco Secure Firewall. We do not face any kind of delay or issues, allowing more users to connect seamlessly.

Cisco Secure Firewall is difficult to manage as it lacks a web interface for management, requiring installation of management center software on a dedicated computer or server. Should the management software be removed, it needs to be reinstalled, consuming time and resources. Moreover, the configuration commands are not user-friendly, especially when compared to Fortinet's interface. The process of licensing is complicated, involving many steps to obtain and enter the license key. This process should be simplified.

We have been working with Cisco Secure Firewall for about five to six years.

The technical support is not very good because when support is requested, assistance often takes a few days to arrive as they are quite busy.

We previously used software firewalls running on Linux. We switched because they were not next-generation firewalls and did not provide antivirus and malware protection.

The licensing process for Cisco Secure Firewall is convoluted, involving many steps to request and enter a license key. In contrast, Fortinet or other firewalls offer a simpler process where you just need to enter the key quickly.

Cisco Secure Firewall could improve in areas like user-friendliness and cost-effectiveness, as it is very costly and difficult to manage. I would rate it seven out of ten, but I would recommend other firewalls due to its high cost and complexity.

On-premises