Cisco Secure Firewall Reviews

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

In the past, I've worked with Check Point and Fortinet as well.

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

We're handing the implementation via our own in-house team.

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

We are an IT integrator. We include parts of the infrastructure as part of our services, which includes firewalls, routers, switches, and even some end-user devices. We are deploying Cisco, Palo Alto, and Aruba. We are a very big company, and we have probably about 300,000 employees all over the world.

We use this solution for security and for enabling site-to-site VPN. We have on-premises and cloud deployments, and we are using the latest version of this solution. It is 5500 or something like that. 

The configuration capabilities and the integration with other tools are the most valuable features. 

I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.

It can probably provide a holistic view of different appliances because many customers do not have only one brand, besides the traditional SNMP protocols, to cover all their devices. There are some specific requirements in terms of configurations or actions that sometimes have to be done in a very manual way because of the different versions or brands in a customer's infrastructure.

It could also have some additional analytics capabilities. It has some very interesting ways to monitor the traffic and identify false positives from the architecture and the environment. It would be good if there is a way to patch with some other industry-specific solutions and synchronize some of the information, such as what other customers experience in their operations and probably share some additional information that could be leveraged or shared among the industry. Such information would be something interesting to see. It could have AI capabilities related to how the appliances could benefit from learning the current environment and different exposures.

I have been using this solution since the beginning of this company, which would be more than 20 years.

It is stable and reliable.

There is no real limit to the way they can scale. It is very easy to integrate additional firewalls or even nodes on appliances. Whenever needed, they are stackable. They are very flexible in that sense. Our clients are large businesses.

The service that we have received from Cisco has been reliable, fast, and efficient. They are very good. As long as you have a contract, you can rely on them. You should also have a technical team certified or at least trained on the infrastructure to provide in-depth first-level help. 

I have also used other solutions like Palo Alto. The capabilities are pretty much the same. It is just a matter of how they integrate with the overall landscape of the customers. Palo Alto seems to be the top end firewall these days, but the customers might have purchased Cisco in the past or have a DNA subscription using which they could probably take advantage of the security landscape that Cisco offers. It is more about what is the overall benefit rather than just the appliance.

They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range.

I would suggest to be sure that it smoothly integrates with the infrastructure that you have. Try to take advantage of the DNA subscription and the new monitoring features that it has. Be informed about what's new with this product.

I would rate Cisco ASA Firewall a nine out of ten.

I use it to protect my DMZ from external attacks.

Last year, we received a lot of linear service attacks in our environment during the Black Friday season. Cisco Firepower blocked every attack.

The Adversity Malware Protection (AMP) feature is the most valuable. 

It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard.

Its interface is sometimes is a little bit slow, and it can be improved.

When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. 

In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.

I have been using Cisco Firepower for two years.

We use it specifically for DMZ, so we don't need it to scale it up. Because we are using this solution for a specific environment, we don't plan to increase its usage.

We have a few teams who use this solution. We have the information security team for reading the logs and policies. We have administrators, and we also have contractors for the network operation center to analyze some logs and reports. 

We have used their technical support. They are amazing. Cisco's technical support is the best.

We have used Check Point and one more solution. The main difference is in the IPS signatures. Cisco Firepower has precise and most updated IPS signatures.

The initial setup is easy. The deployment took two months because we didn't have Firepower previously, and it took us some time to plan and implement.

We used our reseller and contractor to deploy Cisco Firepower. They were good.

I would recommend this solution. I would rate Cisco Firepower a nine out of ten. 

Our primary use case is as a data center firewall for internet firewalls and also as a VPN concentrator. I'm the chief technology officer and we are partners of Cisco. 

In terms of features there hasn't been much improvement but it's a very stable solution and a very good firewall with almost all of the features required for next generation firewall purposes. Almost all the firewalls on the market have the same features available, but if you take into account the integrations and reporting of Cisco, it's a little better than the others. In particular, the briefing reporting is better. With Fortinet we would probably have to use FortiAnalyzer as a separate reporting module for Fortinet, but here the reporting is good.

There needs to be an improvement in the time it takes to deploy the configurations. It normally takes two to four minutes and they need to reduce this. The deployment for any configuration should be minimal. It's possibly improved on the very latest version. 

An additional feature I would like to have in Firepower would be for them to give us the data from the firewall - Cisco is probably working on that. 

I've been using this solution for close to five years. 

The scalability is very good. 

We generally provide support but if we're not able to resolve an issue, we escalate it to Cisco and they're great. They are one of the best support services I've used and it's one of the reasons Cisco is doing so well in the market. 

I also work with Fortinet and Palo Alto. Fortinet is also a really good product but Cisco is a leader in next generation firewalls and now that they are catching up to Fortinet, they have provided a lot of features and flexibility. I personally see Cisco as being good for large enterprise companies and Fortinet is better for families as well as small and medium size businesses. When it comes to Palo Alto, the high price point is one thing that is an issue, some companies are unable to afford it. Palo Alto is good but Cisco is catching up to them and I believe in a year or two, Cisco will probably match Palo Alto as well and be much better. 

The initial setup is not too complex, but as with Fortinet, they have some detailed steps required which adds to the flexibility also. With flexibility comes a bit of complexity, but it's not too bad. Deployment time takes a few minutes. I am responsible for implementation and maintenance for our clients. We were previously deploying only for medium or large enterprise companies but Cisco has come up with the 1000 and 1100 series firewalls for smaller companies which is pretty good. They're a cost-effective solution and competitive in the market. 

Cisco falls somewhere in the middle in terms of pricing, it's not very expensive and it's not very cheap. There is an additional accessory fee associated with Cisco but normally they have a separate subscription cost for different types of security to protect the firewall. There are separate bundles available inside the pricing and that's probably true for all of the firewalls. 

Cisco is a large, good and reliable firewall. They are working on advanced features and catching up with the leaders in the market. I believe that's a score for them. A yearly subscription is cheaper than Palo Alto and Fortinet offer. They provide good support and once it's loaded, it doesn't give a lot of problems, that's very important.

I would rate this solution an eight out of 10. 

Our company sells Cisco Firewalls and the ASA is one of the products that we implement for our clients. The primary use cases are internet access, AnyConnect, and VPN.

The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities. Because I primarily deal with the VPN functionality, I don't get very deep into the IPS or other capabilities.

I have worked with the new FTD models and they have more features than the ASA line.

We have been dealing with Cisco ASA since about 2002.

I am very happy with its stability and the product in general.

In our organization, we only have one in our data center that all of our people pass through. However, I've got clients that have thousands running through large Cisco firewalls.

Cisco's technical support has always been excellent. They have great support.

I have dealt with four or five others, but so far, I have the most experience with Cisco.

Recently, I worked with the new FTD 1000 or 1100 series, and they do a lot.

The complexity of the initial setup depends on the environment. Sometimes, it's brand new whereas other times, I install a replacement for an existing Cisco device or some other product.

I am in charge of installing and configuring our Cisco Firewall solutions.

I would rate this solution a ten out of ten.

We primarily use the solution for the various firewalls.

Cisco is powerful when it comes to detecting intrusions. It's better than, for example, Fortinet.

Cisco has multiple products - not just firewalls. The integration between other items provides a powerful end-to-end solution. It's nice and easy. There is one management system and visibility into all of the features. Using the same product is more powerful than using multiple systems. Cisco is known by most customers due to the fact that at least they have switches. However, when clients say "we need an end-to-end option" Cisco is there.

The stability is very good.

Technical support services are excellent.

Before an ASA, it was a live log. It was easy and comfortable to work with. After the next-generation firewall, Firepower, the live log became really slow. I cannot reach the information easily or quickly. This has only been the case since we migrated to next-generation firewalls.

There is some delay between the log itself. It's not really real-time. Let's say there's a delay of more than 20 seconds. If they had a monitoring system, something to minimize this delay, it would be good.

It would be ideal if I could give more bandwidth to certain sites, such as Youtube.

I work with Fortinet also, and I find that Fortinet is easier now. Before it was Cisco that was easier. Now Fortinet is simpler to work with.

On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering.

I've been using the solution since about 2003, when I originally implemented it.

The solution is extremely stable. We don't have any issues whatsoever. It doesn't have bugs or glitches. It works well. Occasionally, it may need patches, however, there's very little downtime.

The scalability of the solution is very good. We have no trouble expanding the solution.

They have multiple products that fit in multiple areas. They also have virtual firewalls, which are working well in virtualization systems. They have the data center firewalls feature for data centers. It's scalable enough to cover most of the use cases that might arise.

Cisco offers excellent technical support.  They're useful and very responsive - depending on the situation itself. Sometimes we require the support of agents and we've found Cisco to have one of the best support systems in the market.

I also work with Fortinet, and it's my sense that, while Fortinet is getting easier to use, Cisco is getting harder to deal with.

The initial setup is not complex at all. It's pretty straightforward.

A full deployment takes between two and three days. It's pretty quick to set up.

The pricing is neither cheap nor expensive. It's somewhere in the middle. If you compare it to Fortinet or Palo Alto, Fortinet is low and Palo Alto is very high. Cisco falls in the middle between the two.

As far as deployment options go, they often have more wiggle-room with discounts, especially for larger deployments. Therefore, in general, it ranges closer to Fortinet's pricing.

We're partners with Cisco, Fortinet, and Palo Alto.

I work with on-premises deployments and virtual firewalls, however, I don't use the cloud.

The solution works well for medium-sized enterprises.

Overall, I would rate the solution nine out of ten.

I'd recommend users to layer in solutions. At the perimeter, if they have two tiers, I'd recommend Palo Alto as the first and then Cisco ASA as the second. Cisco can work on the data center or Fortinet. In the case of Fortinet, they have the best backline throughput from all of the other products.

I like them mostly because they don't break and they have great diagnostics. If something is awry, you can generally figure it out. And of course, everybody has a VPN, but I like the security of their VPN.

They should improve their interface and ensure that people actually know what they're doing before they start programming; that would make me happy. But that's never going to happen — it's a total pipe dream.

Some of the next-generation stuff that Cisco is doing now allows you to add web filtering and provides more security inside the device. That's why we were looking at the Next-Generation Firewall.

I have been using this solution since they developed it.

I've had a couple of issues. Way back, they had a power supply that had to be changed out. They also had some issues with the 5500 series. Other than that, they're pretty rock-solid.

Within their limitations, yes, they're scalable. You don't want to put a 5506 in when you need a 5525 — you'll never get it there. If properly sized, they're scalable, but you can't make a 5506 a 5525 — there're different processors and everything. You have to know where you're going. You have to know your customer first.

The tech support is good. The documentation is verbose almost to the point of being confusing if you don't know what it is you're looking for.

It's only confusing if you have somebody who is not familiar with it. They give you every option in great detail, so you can spend time searching through a manual that you might not otherwise. Here's an example: take Sophos or SonicWall — let's say the manual for SonicWall is 25 to 30 pages; that same Cisco documentation is going to be three times that size or more.

It's not that it needs to be simplified, the people using it need to be knowledgeable. It is not a novice box, we'll put it that way.

We've been with Cisco for a long time. We've used their routers and gadgets for years and years.

The initial setup is quite straightforward.

I would guess that the market value of Cisco is going to be towards the higher-end. I don't know that it's the highest, but feature for feature, I'd say it's probably well-priced.

Cisco ASA Firewall Is not as much of a plug and play solution as some of the others. You just need to make sure that you do your research.

On a scale from one to ten, I would give Cisco ASA Firewall a rating of nine.

My primary use case with Cisco Firepower NGFW is implementing, configuring, maintaining, and troubleshooting lab and customer devices in both lab and production environments.

Using best practices for configuration, as well as fine-tuning intrusion policies and utilizing as many of the features that the firewall has to offer, which are feasible in said environment.

Overall, I am confident to say that I have worked with every flavor of Cisco Firepower NGFW, be it their older IPS-only sensors, ASA with Firepower services, as well as the FTD sensor itself.

Cisco Firepower NGFW has improved our organization by giving us the opportunity to protect both our network and our customer's environments. Being able to work with the device in a lab environment and utilizing the whole feature set is really easy with the Evaluation licenses of 90 days on the FMC. The only thing that you need is an environment with enough resources to virtualize both the FMC and FTD sensors.

I would like to emphasize the easy-to-use evaluation period of the Cisco Firepower NGFW because many other firewall vendors lack this and it is a real pain having to test everything in production environments because you cannot build a good lab environment without paying for licenses.

The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. 

Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more.

All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update.

I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device. 

Also, they need to ensure that all of the implemented features are working as they should, and able to integrate with more third-party software in an easier manner.

As it stands currently, Cisco is doing this, but I am not confident enough to say that their QA team is doing as good a job as they should as there have been software releases that were immediately pulled back the same day as they were released.

I have been working with Cisco NGFW for almost five years as of 2020.

I have seen devices working without any issues and/or without a reboot of the device for many years (although I do not recommend this) running on base versions of the software, and I have seen an out-of-the-box fresh install having many stability issues. However, overall my impression is that the most recent software versions are very stable without any evident underlying issues.

Keep your software up-to-date and the solution should be stable.

Cisco Firepower NGFW has a large variety of devices that are able to accommodate every company's needs, be they small or large. Overall, the scalability of the devices is very good.

Experience with Cisco TAC has been awesome almost always. The SLAs are kept every time, which is very hard to get from any of the other firewall vendors. I have not seen any other vendor get you a proficient engineer on the phone within 15 minutes.

Cisco ASA and Firepower NGFW is the first firewall solution that I have and am still using.

Once you deploy a few of these devices, the initial setup is really straightforward and easy to do unless the position of the firewall on the network needs you to do some connectivity magic in order for it to work.

All of the implementations that we have done are with in-house teams, so I have no overview of the vendor team.

Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed. In some cases, this may save you a lot of money or stress, which is why everyone who uses Cisco solutions loves them.

I have worked with many other firewall vendors in both production and lab environments such as CheckPoint, Palo Alto, Fortinet, Juniper, but to be honest I find Cisco's firewall solutions and Palo Alto's firewall solution to be the best.

I believe that Cisco Firepower NGFW is the future leader in NGFW, with only maybe Palo Alto being the main competitor. This is very good, as we all know that having a rival is good for us, the users :)