Try our new research platform with insights from 80,000+ expert users
Tayyab Tahir - PeerSpot reviewer
Senior IT Officer at Paragon
Real User
The vendor offers a great educational series to train users on their devices
Pros and Cons
  • "Cisco offers a great educational series to train users on their devices."
  • "It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."

What needs improvement?

It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall.

For how long have I used the solution?

We have been using Cisco for about five years. All our products, switches, routers, and firewalls are Cisco devices.

What do I think about the scalability of the solution?

Cisco Firewall's scalability is fine. 

What other advice do I have?

I rate Cisco ASA Firewall eight out of 10. Cisco offers a great educational series to train users on their devices.

Buyer's Guide
Cisco Secure Firewall
July 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,390 professionals have used our research since 2012.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT Consultant at Hostlink IT Solutions
Real User
Stable and easy to configure with useful high-availability and remote VPN features
Pros and Cons
  • "The high-availability and remote VPN features are most valuable."
  • "It doesn't have Layer 7 security."

What is our primary use case?

We provide IT solutions. We provide solutions to our customers based on their requirements. We support them from the beginning and do the installation and configuration in the head office and front office.

We installed Cisco ASA to support a customer in a WAN environment. They used it for site-to-site VPN and remote VPN. They used it for accessing remote office locations via the remote VPN feature. They had Cisco ASA 5500.

How has it helped my organization?

It made our customer's network more secure. They also have customers outside the office, and they are able to use the remote VPN feature to log in securely.

What is most valuable?

The high-availability and remote VPN features are most valuable.

It is easy to configure. It has a GUI and a CLI.

What needs improvement?

It doesn't have Layer 7 security.

For how long have I used the solution?

I used this solution for maybe a year.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

For any issues, we contact the local support. They are very easy to deal with.

Which solution did I use previously and why did I switch?

I have also worked with Fortigate.

How was the initial setup?

It was easy to configure. The site-to-site VPN configuration didn't take too much time. It was complete in three to four hours.

What's my experience with pricing, setup cost, and licensing?

Its price is moderate. It is not too expensive.

What other advice do I have?

I would rate Cisco ASA Firewall a nine out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Cisco Secure Firewall
July 2025
Learn what your peers think about Cisco Secure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,390 professionals have used our research since 2012.
Network Engineer at LEPL Smart Logic
Real User
One-time licensing, very stable, and very good for small companies that don't want to do deep packet inspection at higher layers
Pros and Cons
  • "We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
  • "The virtual firewalls don't work very well with Cisco AnyConnect."

What is our primary use case?

I have used the Cisco ASA 5585-X Series hardware. The software was probably version 9. We implemented a cluster of two firewalls. In these firewalls, we had four virtual firewalls. One firewall was dedicated for Edge, near ISP, and one firewall was for the data center. One firewall was for the application dedicated to that company, and one firewall was dedicated only to that application.

How has it helped my organization?

Dynamic policies were useful in the data centers for our clients. They were making some changes to the networks and moving virtual machines from one site to another. With dynamic policies, we could do that easily.

What is most valuable?

We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing.

It is very stable. It is a very good firewall for a company that doesn't want to look at packets higher than Layer 4. 

What needs improvement?

The virtual firewalls don't work very well with Cisco AnyConnect. 

There are two ways of managing it. You can manage it through the GUI-based software or command-line interface. I tried to use its GUI, but I couldn't understand it. It was hard for me. I know how to use the command line, so it was good for me. You should know how to use the command-line interface very well to make some changes to it. Its management through GUI is not easy.

What do I think about the stability of the solution?

It is very stable. It has been five years since I have configured them, and they have been up and running.

What do I think about the scalability of the solution?

It is not much scalable. It is only a Layer 4 firewall. It doesn't provide deep packet inspection, and it can see packets only up to TCP Layer 4. It can't see the upper layer packets. So, it is not very scalable, but in its range, it is a very good one. What it does, it does very well.

How are customer service and support?

I have not worked with Cisco support for this firewall.

How was the initial setup?

It is not straightforward. You should know what to do, and it needs to be done from the command line. So, you should know what to do and how to do it.

From what I remember, its deployment took a week or 10 days. When I was doing the deployment, that company was migrating from an old data center to a new one. We were doing configurations for the new data center. The main goal was that users shouldn't know, and they shouldn't lose connectivity to their old data center and the new one. So, it was a very complex case. That's why it took more time.

What was our ROI?

Our clients have seen an ROI because they paid only once, and they have been using their firewalls for five years. They didn't have to pay much for anything else.

What's my experience with pricing, setup cost, and licensing?

I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA Firewall. Our clients are also very satisfied with its licensing model.

Which other solutions did I evaluate?

You cannot compare Cisco ASA Firewall with any of the new-generation firewalls because they are at a higher level than Cisco ASA Firewall. They are at a different level.

What other advice do I have?

It is a very good firewall for small companies that don't want to do deep packet inspection at Layer 7. It is not easy, but you can manage it. You should know how to use the command-line interface. Otherwise, it would be difficult to work with it.

For Cisco ASA Firewall, there will be no improvements because they will not make these firewalls anymore. They want to make changes to the next-generation firewalls, and they are killing the old ones.

I would rate Cisco ASA Firewall a 10 out of 10. I like it very much.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1662657 - PeerSpot reviewer
Network Engineer at a computer software company with 51-200 employees
Real User
Enables us to create policies based on who is accessing a resource instead of just IP addresses but the UI needs improvement
Pros and Cons
  • "Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
  • "It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."

How has it helped my organization?

I can't put Cisco on the firewall when the security landscape has changed so much in the past five to ten years. We are doing a lot more in the next generation of firewalls. We had a legacy classic firewall before we went to Firepower, and we spent a lot less time on that firewall, but we are spending more time on the Firepower because we are utilizing a lot of the features that are available in Firepower that were not available in the previous firewall that we had. I'm not going to say that we're spending less time, but we're gaining more value.

Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.

What is most valuable?

If I were to have been asked a few weeks ago, I would have said threat prevention was the most valuable feature, but the world is changing a lot, so my favorite features a few years ago might not be my favorite features today.

What needs improvement?

The visibility the solution gives when doing deep packet inspection can be complex. I really like the visibility, but it's not always intuitive to use. I also help other customers. We are a contracting company that implements their solutions, and I've found that it's not always easy to get everyone to utilize some of the visibility features. But for me personally, I think they're very valuable. 

The ease of use when it comes to managing Cisco Firepower has a lot of room for improvement. When monitoring a large set of firewall policies, the user interface could be lighter. It's sometimes heavy in use, and there could be improvements there. I know they're trying to make improvements.

It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.

For how long have I used the solution?

We were an early adopter when Firepower first came out. I've been using Cisco firewalls for the last two decades.

What do I think about the stability of the solution?

For newer hardware models, the stability is good. We've tried to run Firepower on some of the legacy-supported hardware as well, but with the stability issues, they are not as good. If I were to judge based on the hardware that I have, I'd say it's good. I haven't had any issues with the stability on my platform.

What do I think about the scalability of the solution?

We just recently enabled Snort 3 so I'm evaluating the functionality. That's what we've considered, but we haven't done any performance testing. Our company would qualify as a small to medium business company. The average office environment is about 100 to 200 people. Performance-wise, my company is about 120 people.

Scalability is really not relevant. I know there are features that address some of those parts, like clustering and stuff, but that's really not applicable in my use cases.

How are customer service and technical support?

The support is eight to nine out of ten. You can't blame them for any faults of the prototypes, but the support has been really good and really helpful when we had any issues.

Which solution did I use previously and why did I switch?

I have hands-on experience in both Fortinet and Palo Alto. So if I were to compare this to Palo Alto, for example, I would say that the user interface in Palo Alto is a lot better. But the reason that I'm working with Firepower is that we have a Cisco network as well, and Cisco ISE. We're trying to integrate different Cisco solutions. We're trying to utilize the ecosystem benefits where I can connect my Cisco Firepower to ISE and have it talk to the App Cloud. There's a benefit of utilizing Cisco Firepower in conjunction with our other Cisco solutions.

Ease of management is similar with Cisco and Fortinet, I would say similar, but it's easier in Palo Alto.

How was the initial setup?

I recently deployed a similar solution at a customer's premises, and that setup was straightforward.

The steps are fairly documented and the documentation and guides on Cisco are straightforward. You know what you're expected to configure, and it's easy to get up, running, and started. It takes some more time to check everything and get everything as you want to have it, but getting started and getting connectivity and starting to create policies was easy to do and didn't take a very long time.

It took two to four hours, including some upgrades.

What other advice do I have?

My main advice would be to utilize all the guides and documentation available from Cisco publicly and not trying to implement it using legacy thinking. Don't try to just replace something else you have. If you have a next-gen firewall, you want to try to utilize what you're getting, and getting the most out of a firewall. There are some great guides and documentation on Cisco that explains what you can do and how you can do it.

I would rate it a seven out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Network Engineer at BCD Travel
Real User
User friendly and easy to use GUI, but stability and scalability need improvement
Pros and Cons
  • "If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
  • "We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."

What is our primary use case?

We are currently using this solution as a VPN and an internet firewall in some locations. In our data center, we are still using FortiGate as an internet firewall but we are evaluating other options.

What is most valuable?

If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.

What needs improvement?

We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.

For how long have I used the solution?

I have been using Cisco Firepower NGFW Firewall for approximately three years.

What do I think about the stability of the solution?

The solution is not stable. There seems to be always some issues. This is not ideal when you are running a system in a data center environment.

What do I think about the scalability of the solution?

There is room for improvement in the scalability of this solution.

How are customer service and technical support?

I was satisfied with the support we received.

How was the initial setup?

When I did the installation three or four years ago it was challenging. 

What's my experience with pricing, setup cost, and licensing?

This solution is expensive and other solutions, such as FortiGate, are cheaper.

Which other solutions did I evaluate?

I have evaluated FortiGate firewalls and when comparing with this solution there is no clear better solution, they each have their pros and cons.

What other advice do I have?

I would recommend a Next-Generation firewall. FortiGate has a Next-Generation firewall but I have never used it. However, it would be similar to the Cisco Next-Generation FirePOWER, which has most of the capabilities, such as running all the BDP sessions and having security intelligence in one system. 

I would recommend everyone to use this solution.

I rate Cisco Firepower NGFW Firewall a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Head of ICT Infrastructure and Security at City of Harare
Real User
Leaderboard
Stable and reliable, requiring very little support
Pros and Cons
  • "The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
  • "An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."

What is our primary use case?

We use it for intrusion prevention and in our VPN that is connected to our head office. It provides protection and security and node clustering. It gives us all the security features that we need within our environment.

What is most valuable?

The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping.

What needs improvement?

An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier. Traditionally, Cisco products have been command-line-based.

For how long have I used the solution?

The Cisco ASA Firewall has been in our environment for the past seven years.

What do I think about the stability of the solution?

The product is very stable. We've not had any challenges with it in all this time. It performs very well.

What do I think about the scalability of the solution?

We have 2,000 users who connect through this product. We are planning to increase use as we go, toward the end of the year.

How are customer service and technical support?

The technical support has been excellent. When there have been any issues, they've always been there for us.

How was the initial setup?

The initial configurations were straightforward, not complex at all. It took us just two days to finalize things.

What about the implementation team?

We did most of the setup in-house, but we also had assistance from our partner.

What's my experience with pricing, setup cost, and licensing?

We pay annually and there are no costs in addition to the standard fees.

Which other solutions did I evaluate?

When you compare Cisco ASA Firewall with Sophos, they are more or less the same in terms of functionality.

What other advice do I have?

Cisco ASA Firewall is very stable and very reliable. It requires very minimal support, once you configure it and put it in your environment. You don't need to attend to faults or issues. Once you install it and plug it in, it is good to go.

We have been using the ASA Firewall for a long time, and it is an advanced product for our current use. In terms of improvement, there's not much that can be done to it. It is a solid product, very effective, and it does its job well.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1570647 - PeerSpot reviewer
Senior Information Security Analyst at a manufacturing company with 10,001+ employees
Real User
Useful access controls, reliable, and good support
Pros and Cons
  • "I have found the most valuable feature to be the access control and IPsec VPN."
  • "When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution."

What is our primary use case?

I am using this solution for monitoring incoming and outgoing network traffic. This includes many types of traffic, such as VPN users.

What is most valuable?

I have found the most valuable feature to be the access control and IPsec VPN. There are a lot of people moving towards the next-generation versions of firewalls which have some advanced features such as this one. You can define rules based on the application instead of how they are traditionally are done. There are more general and traffic controls, and additional features for intrusion prevention for malware analysis.

What needs improvement?

When comparing the graphical interface of this solution to other vendors it is more difficult to configure. There is a higher learning curve for administrators in this solution.

A lot of vendors, such as Palo Alto, are going toward cloud-based systems and Cisco should follow.

For how long have I used the solution?

I have been using this solution for approximately two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

Since this is a hardware solution it does not scale as well as cloud versions. We have approximately 20,000 people using this solution in my organization.

How are customer service and technical support?

The support of this solution is very good.

What about the implementation team?

We have security specialists to manage the solution.

Which other solutions did I evaluate?

I have previously used FortiGate and Palo Alto solutions. When comparing them to this solution they have more standard features in their normal firewall this one does not.

What other advice do I have?

My advice to those wanting to implement the solution is to look at their use case and see if it meets those requirements for what they are looking for. There are a lot of security features that people may not be aware of and do not use. Explore the solution and all its features which will help you understand the configurations.

I rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
Best documentation, good price, and very reliable with useful remote VPN, site-to-site VPN, and clustering features
Pros and Cons
  • "The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA."
  • "Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
  • "There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues."

What is our primary use case?

We are using Cisco ASA Firewall 5525 for network security. We needed a network security solution that can take care of the network security and URL filtering. We also wanted to create site-to-site VPNs and have remote VPNs. For all these use cases, we got Cisco ASA, and we are pretty happy with it.

What is most valuable?

The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA.

Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information.

What needs improvement?

There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues.

What do I think about the stability of the solution?

It is very reliable.

What do I think about the scalability of the solution?

It is scalable. Cisco is pretty popular with organizations, and many customers are using it. It is suitable for all kinds of customers. It can cater to small, medium, and large organizations.

How are customer service and technical support?

I have interacted with them many times. I have been on a call with their technical support continuously for 48 hours. They were very prompt. In terms of technical support and documentation for switching, firewall, and routing solutions, no one can match Cisco.

How was the initial setup?

Its initial setup was very straightforward. Its documentation is very easily available on the web, which is very useful.

What's my experience with pricing, setup cost, and licensing?

Their pricing is very aggressive and good. Even a small company can afford it. I am happy with its pricing. Its licensing is on a yearly basis.

What other advice do I have?

I would recommend this solution to others if they are not specifically looking for URL filtering and want to use it for their infrastructure. It is a perfect and very reliable solution, but it lacks when it comes to URL filtering. 

I would rate Cisco ASA Firewall a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2025
Buyer's Guide
Download our free Cisco Secure Firewall Report and get advice and tips from experienced pros sharing their opinions.